There's an oft-neglected issue with this. From experience, when a hosting company supplies an SSL certificate to a customer, here's the usual process. The first thing that happens is the site totally breaks because browsers won't render mixed content.
So the customer calls their developer and their developer calls the host and insists it's a server problem and someone spends an hour or more explaining what mixed content is to a developer and how to fix it.
Then someone runs it through the SSLLabs test and decides they don't like seeing RC4 supported. So you provide some warnings regarding it, confirm, and then oblige, but then you get angry, aggressive emails because their entire office uses Windows XP and their website doesn't work.
A company can burn hours on every individual SSL deployment. There's plenty of unfortunate incentives against hosting companies.
So the customer calls their developer and their developer calls the host and insists it's a server problem and someone spends an hour or more explaining what mixed content is to a developer and how to fix it.
Then someone runs it through the SSLLabs test and decides they don't like seeing RC4 supported. So you provide some warnings regarding it, confirm, and then oblige, but then you get angry, aggressive emails because their entire office uses Windows XP and their website doesn't work.
A company can burn hours on every individual SSL deployment. There's plenty of unfortunate incentives against hosting companies.