Can I use the same digital certificate for multiple applications or address spaces?


Article ID: 194073


According to the OPS/MVS manual, 3 certificates are needed to enable TLS for the following started tasks:

  • Message Hub
  • Message Server
  • ESM Microservice


Is there any reason why all three started tasks share the same digital certificates?


Release : 16.0

Component : CA Top Secret for z/OS


Technically, all three started tasks can use the same digital certificate.

It's best practice to have a unique digital certificate for each address space or application.

Would it be good to have one key that unlocked your home, all your cars, work/office, work locker, gym locker, closets, gun safe, etc.?

Think of the digital certificate as a key. What happens if it is stolen? Whoever has it will have access to everything if the certificate is used for everything. If there are multiple keys, one for each address space, hackers would be able to compromise only one address space. They would have to steal or hack their way into the other two address spaces.