So as Mozilla has put a bullet in StartSSL’s head (causing mass problems with thousands of free users worldwide), I can see there is a big gap in functionality between LE and the more mature StartSSL offering.
Firstly, the requirement to validate every subdomain with LE is somewhat excessive. If you can validate the root domain (i.e. mydomain.com), it makes no sense to have to validate every subdomain of that (www.mydomain.com, mail.mydomain.com, etc.).
If a root domain is validated, allow certificates to be generated for any subdomain of that domain.
Secondly, I know it's a widely held opinion, but 90-day expiry is almost taking the piss. StartSSL offered 1 year by default, and as of the last 6 months or so, allowed up to 3 years with Class 1 DV certificates.
As LE is the same classification of validation, there is no real reason to artificially limit certificates to 90 days.
Allow at least a 1 year validation window for SSL certificates.
While I’m using close to 30 StartSSL certificates, with the current state of CAs (including LE), I’m thinking of just moving various web servers to only non-encrypted versions instead of trying to massage them all into the LE way of thinking. However the two above requests would make LE much more useful as a certificate provider.