Well - because one would need a dedicated Employee to convince thousands of (not computer savvy) Customers that it’s SAFE to accept a self-signed Cert - even if their Browser is telling them it’s not safe … 
(apart the fact that this wouldn’t be a clean solution …)
Anyway - I just wanted to know if there is any way to solve this specific Problem with LE which I was overlooking … it seems there isn’t … so I guess I have to go for the Wildcard approach - even if this will double Apache VHosts … (guess Apache is able to handle it …)
Thx