The simple solution is to get individual certs.
So, this (to me) will only really affect those that:
- insist on using a single cert for all their FQDNs
and - use
DNS-01authentication
and - use multiple DSPs
Even if each of those categories has 20% of all issued certs, the resulting intersection (group) would be 20% of 20% of 20% or less than 1%.
[yeah, that is extremely quick mafs, but it shows how unlikely/uncommon this use case should be]