Hi @ravecat
that blocks all.
0 issue "letsencrypt.org"
is the typical definition.
That allows Letsencrypt to create non-wildcard and wildcard-certificates.
If you don't want to allow wildcards, add
0 issuewild ";"
PS: If you want that
you must allow both, *.example.com + example.com.
PPS: That's only required if you want to create a wildcard certificate. If you create a certificate with a lot of subdomains, that's not a wildcard certificate.