I have big problem with ours short period certificate issue.
I count that I have about 30 - 40 subdomains on my primary domain (means something.example.com). You don’t want issue wildcard certificate… that means for my that should create 40 certificates
and than log into each server and add certificate… and this I should do every 90 days??? Are you crasy???
we have many servers based on 3rd party solutions… like mail server, backup server, domain server, remote management server, vmware etc … this server will never support auto revocation of certificate. Is absolutely needed for this server have certificate with validity in YEARS !!!
Same problem i with your policy that you don’t want issue WILDCARD certificate … that’s means, I will be forced setup another sertificate on each server. That is nightmare.