I would strongly suggest that these certs have no reason to be from a public CA and thus you can (and should) move them to a private CA where these rules don't apply.
For those who want to solve the problem buy throwing money at it, one can probably buy a solution for this. I’m thinking of stuff like AWS IoT Core, I would guess there are other vendors in that space too.