@cloudops refers to a cheapsslsecurity faq that makes me curious...
It says that their...
multi-domain wildcard SSL certificate allows you to purchase a single SSL certificate, and add the above 7 sites as SANs (subject alternative names) to the SSL certificate.
It doesn't sound like a magic cert that gets around the DNS limit somehow. It is just a standard wildcard cert that is also using the SAN record to get to the next level of subdomains.
Is this something that can be done with the Let's Encrypt wildcard certs also?
It sounds like that would solve the issue for @cloudops.