Hacker News

rvnx yesterday at 8:16 PM

What if they get kicked out of trusted roots because they are non-compliant?


Replies

wolrah yesterday at 9:52 PM

You don't get kicked out of trusted roots for non-compliance, you get kicked out for continuing to knowingly issue non-compliant certs, failing to revoke non-compliant certs in a timely fashion once discovered, etc.

Pausing issuance immediately upon discovery of a compliance issue is the absolutely correct response, so as long as they do their follow-up appropriately there is absolutely zero risk of being distrusted.

nicolas_17 yesterday at 8:31 PM

That's why they take incidents like this seriously and stop issuance until it's fixed. They could get kicked out of trusted roots otherwise.

nijave yesterday at 9:06 PM

Change your config to ZeroSSL or another free ACME provider?