[Moderator’s note: if you want to express support for wildcard issuance, please hit ‘like’ on this post rather than starting a new thread.]
In your FAQ you write:
Hopefully wildcards aren’t necessary for the vast majority of our potential subscribers because it should be easy to get and manage certificates for all subdomains.
That is not necessarily true for a few techniques that would benefit quite a bit from Let’s Encrypt. One new technique that will face unnecessary complexity without wildcard certificates is DANE.
I could use a different certificate for each FQDN that uses DANE. This would make it necessary to have a lot of different TLSA records that need to be managed in my DNS zone instead of CNAMEs pointing to one TLSA record.
Also, multiple certificates are not possible for something like mailservers which do not have SNI capabilities and which are the main beneficiaries from DANE.
So I would need a certificate with SANs and every time I add a new name to my mailserver I would need to reissue the certificate with an additional SAN entry and change the TLSA record in the DNS, raising the possibility of operator errors and complexity.
There are other scenarios which would benefit from wildcard certificates as well, so please consider adding support for them sooner rather than later.
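The two DNS layouts the post contrasts, as an added example (not code from the post or from Let’s Encrypt): one TLSA record with CNAMEs pointing at it versus a separate TLSA record per FQDN, using the DANE-EE/SPKI/SHA-256 form from RFC 6698. The SPKI bytes and host names are constructed stand-ins.

```python
import hashlib

# Constructed stand-in for a DER-encoded SubjectPublicKeyInfo; in practice
# it is extracted from the mail server's certificate (e.g. `openssl x509 -pubkey`).
SAMPLE_SPKI_DER = bytes.fromhex(
    "3059301306072a8648ce3d020106082a8648ce3d03010703420004" + "ab" * 64
)


def tlsa_rdata(spki_der: bytes, usage: int = 3, selector: int = 1, mtype: int = 1) -> str:
    """TLSA rdata per RFC 6698: usage 3 = DANE-EE, selector 1 = SPKI, mtype 1 = SHA-256."""
    if selector != 1 or mtype != 1:
        raise ValueError("this helper only builds '<usage> 1 1 <sha256(spki)>' records")
    return f"{usage} {selector} {mtype} {hashlib.sha256(spki_der).hexdigest()}"


def tlsa_owner(name: str, port: int = 25, proto: str = "tcp") -> str:
    """Owner name of the TLSA record for a service, e.g. _25._tcp.mx.example.org."""
    return f"_{port}._{proto}.{name.rstrip('.')}."


def single_record_layout(names, spki_der, port=25, proto="tcp"):
    """Layout the post asks for: one TLSA record, every other name CNAMEs to it.
    Adding a host name adds a CNAME only; the TLSA data is untouched."""
    anchor = tlsa_owner(names[0], port, proto)
    records = [(anchor, "TLSA", tlsa_rdata(spki_der))]
    for name in names[1:]:
        records.append((tlsa_owner(name, port, proto), "CNAME", anchor))
    return records


def per_name_layout(names, spki_der, port=25, proto="tcp"):
    """Layout the post wants to avoid: a full TLSA record on every FQDN,
    each of which must be updated whenever the key changes."""
    return [(tlsa_owner(n, port, proto), "TLSA", tlsa_rdata(spki_der)) for n in names]


def as_zone_text(records) -> str:
    """Render (owner, type, rdata) tuples as zone-file lines."""
    return "\n".join(f"{owner} IN {rtype} {rdata}" for owner, rtype, rdata in records)


if __name__ == "__main__":
    hosts = ["mx.example.org", "mail.example.org", "smtp.example.org"]  # constructed
    print(as_zone_text(single_record_layout(hosts, SAMPLE_SPKI_DER)))
    print()
    print(as_zone_text(per_name_layout(hosts, SAMPLE_SPKI_DER)))
```

Because selector 1 hashes the public key rather than the whole certificate, reissuing a certificate for the same key pair leaves the TLSA data unchanged; only a key rotation requires a new record.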