There are many threads on this, dating back many years, most if not all closed.
For large universities, the rate limiting system is broken. I’m an admin at tuwien.ac.at. Every department, faculty, workgroup is issued its own subdomain. So to be precise, I’m an admin for media.tuwien.ac.at. There are hundreds of other subdomains, which hundreds of other admins are responsible for. We do not talk to each other, we have no shared mailing list, we’re not even in the same building or near each other. I have no idea what they do, they have no idea what I do, and the reality is, this isn’t going to change - so we won’t be able to go the wildcard cert path.
I’ve been happily maintaining a handful of media.tuwien.ac.at subdomains with Let’s Encrypt. So far all worked well because I guess I was one of the first admins to start using Let’s Encrypt. Today I wanted to fire up a new subdomain, but because someone or many other admins have started using Let’s Encrypt too, I’m barred from doing so.
For me, the logical step would be for Let’s Encrypt to move up rate limits for academic domains by one level. So media.tuwien.ac.at has its own limit, bar.tuwien.ac.at has its own limit, etc. - because while on paper we are all one big happy family, in reality we are fragmented, and will unfortunately probably always be.
Thank you for your consideration.