@schoen But multi-domain and wildcard are not the same thing. Refer to https://casecurity.org/2014/02/26/pros-and-cons-of-single-domain-multi-domain-and-wildcard-certificates/ for more info.
@Meitzi How is it bad? Any smart site would have a user control panel allowing you to dictate what domains are allowed to use your multi-domain cert. So if you lost a domain, you could remove that domain from the list, revoking its access and generating new keys automatically for your other domains. (This should be a thing, and if it isn’t, then someone should make it a thing.)
Also, I think there is a misconception here.
The certs are stored on your server, not the domain, so even if you “lose” a domain you still own the server the domain was attached to. So the certs can only be used by you, and they won’t transfer to another owner unless you give them your server.
And when you lose a domain, it’s always smart to disable that domain from accessing your server via Apache, IIS, or nginx configs by removing the server block (or whatever the equivalent is in the non-nginx configs) for that specific domain.
Who is telling you guys that your certs transfer with your domains? Because whoever they are, they must be lying.
Your domains are registered with a domain registrar, and the smartest thing to do is NOT host your server with that domain registrar. Take me, for example: all my domains are registered with https://www.dynadot.com/ and I have a VPS with https://www.vultr.com/ for the server. So even if I sold my domain to somebody else, I wouldn’t give them access to my server, because it has all my stuff on it and they need to go purchase their own.
I also have a Cloudflare setup, and my domain registrar points to Cloudflare’s name servers. (for cache purposes)
I don’t see any problem with multi-domain SSL. I don’t recommend it for those that can’t manage a server on Linux or Windows properly, because that alone defeats the purpose of even having SSL in the first place, since the servers won’t be secure anyway.
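
The check a control panel like the one described in this post would have to run, as an added example that is not the poster's code: given a multi-domain certificate's SAN list and the domains still under your control, it reports which names to drop and whether to reissue. It also shows why a wildcard entry differs from a multi-domain list. The function names and the reserved `example.*` domains are assumptions made for illustration.

```python
# Added example (not from the original post). All names below are constructed.

def normalize(name):
    """Lower-case a DNS name and drop surrounding space and the trailing root dot."""
    return name.strip().rstrip(".").lower()

def under_owned(san, owned):
    """True if the SAN (exact name or wildcard) sits at or below an owned domain."""
    host = san[2:] if san.startswith("*.") else san
    return any(host == d or host.endswith("." + d) for d in owned)

def audit_sans(sans, owned_domains):
    """Split a certificate's SAN list into names to keep and names to drop."""
    owned = {normalize(d) for d in owned_domains}
    keep, drop = [], []
    for raw in sans:
        san = normalize(raw)
        (keep if under_owned(san, owned) else drop).append(san)
    # This example flags a reissue whenever any listed name is no longer owned.
    return {"keep": keep, "drop": drop, "reissue": bool(drop)}

def wildcard_matches(san, hostname):
    """A wildcard SAN covers exactly one left-most label; other SANs match exactly."""
    san, hostname = normalize(san), normalize(hostname)
    if not san.startswith("*."):
        return san == hostname
    head, sep, tail = hostname.partition(".")
    return bool(head) and sep == "." and tail == san[2:]

# Constructed sample: SAN list of one multi-domain certificate.
SAMPLE_SANS = ["example.com", "www.example.com",
               "*.shop.example.net", "Old-Project.example.org."]
# Constructed sample: domains still registered to the certificate holder.
OWNED = ["example.com", "example.net"]

if __name__ == "__main__":
    report = audit_sans(SAMPLE_SANS, OWNED)
    print("keep:   ", report["keep"])
    print("drop:   ", report["drop"])
    print("reissue:", report["reissue"])
    for host in ("a.example.com", "a.b.example.com", "example.com"):
        print(host, wildcard_matches("*.example.com", host))
```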