In this article, https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning, it reads:
"Even though Google rotates its certificates, the underlying public keys (within the certificate) remain static."
If I want to implement this so that I have a static public key, but can rotate the certificate, how do I go about doing this?
Just keep generating new CSRs from the same keypair.
Even more economically, just keep resubmitting the same CSR, as long as the underlying identification information hasn't changed. I've been doing this for many years.