If you don't have an actual reason (dynamic subdomains, or you don't want your subdomains in the certificate transparency logs) don't get a wildcard.
It's harder to manage and obtain, and more dangerous if compromised.
2 Likes