For one, they had a a major f-up with eIDs in 2017: https://ria.ee/en/news/estonia-resolves-its-id-card-crisis
And they are just good at marketing. Belgium had eIDs earlier never messed up so much as Estonians.
Yeah, but it was the vendor who fucked up, not them. One can argue that using long-term certificates is bad practice in itself, but that's arguable.