I think I've seen one or two, and only because I noticed them as a weird callout in a $LARGE_FINANCE_INSTITUTION infosec bingo sheet. Of course I had to check that they really were running with OV certs.

Some of the outfits in that space will be heavily hit by the shortening certificate max-lifetimes, and I do hope that the insurance companies at some point also stop demanding a cert rotation before 90 days to expiry. It's a weird feeling to redline a corporate insurance policy when their standard requirements are 15 years out of date.

> when their standard requirements are 15 years out of date

I swear half of my "compensating control" responses are just extended versions of "policy requirement is outdated or was always bad".

> I do hope that the insurance companies at some point also stop demanding a cert rotation before 90 days to expiry

It's not like you have a lot of choices when certificates are only valid for 47 days in 2029!

Before LE, we did lots of OV (which you generally could get a couple of for free from somewhere). We had to dig up stuff like a heating bill, because evidently that is proof of organizational control to some people.