The status.ovirt.org certificates expires in April; we have some time but it would be nice to replace Digicert by Let's Encrypt. I see that the cert-manager operator can do that but I have no experience with such integration. It seems like the way to go though (or with another implementation).
I would like to point out that we would need support for HTTP01. DNS01 would be nice but unless we convert the ovirt.org domain fully into a dynamic zone, which I do not recommend, there is an option to use CNAMEs to a dynamic sub-zone; it works fine but it is not yet merged upstream (see https://github.com/certbot/certbot/pull/7244).