A san cert for the following works (I used to have one like the following)
*.sub1.domain1.com
*.sub2.domain1.com
*.domain1.com
domain1.com
*.sub1.domain2.com
*.sub2.domain2.com
*.domain2.com
domain2.com
So, it can do multiple domains and do multiple wildcards in the cert but it cannot do one like the following.
*.*.domain1.com
I can provide the cert if you'd like proof
edit: blockquotes
Yep, this will work the same was as domainA.com and domainB.com in the same certificate works today.
Yep.
Eventually, yes. We still need to do the implementation work. For now, if you want to try out the v2 API, you can try our testbed server, Pebble.
yes, please at first for 180 days. hopefuully !!
Iâm in no way related to Letâs Encrypt, but I believe the 90-day expiration was a very deliberate decision, and I wouldnât expect it to change. I feel your pain, Iâm stuck maintaining a cert on GoDaddy shared hosting for a nonprofit I support. This means I have to paste the cert into cPanel every few months because GoDaddy shared hosting doesnât support automated renewals. Itâs somewhat unpleasant, but even so, I appreciate the 90-day validity period. Maintaining that quarterly is a really small price to pay.
There is a very long thread about the certificate lifetime issue, starting back in 2015.
Please take any discussions about that aspect over to that thread.
Oh hot damn! Thatâs great news, great great great news in Letâs Encrypt secure socket layer developments!
Glad youâre excited about them! By next year, maybe we can think of them as transport layer security developments. 
Nothing but the best for a faster, more secure world wide web!
this actually adds more work
if you choose a random subdomain you still have to create a DNS record for it so it can point to a web server to pass the HTTP challenge
so if you are going to update the DNS wouldnât it be easier to do it once?
Andrei
this was discussed earlier on in the chain
Will ECDSA certificates be supported in wildcard at launch too?
Also, is there any word about launching a full EC CA?
You can get EC Certificates from Letâs Encrypt currently
Are you talking about an EC Intermediate?
Andrei
First question is whether EC certificate support will continue with wildcard support.
Second question is in fact when EC intermediate/root will be rolled out.
ECDSA support is unrelated to wildcard issuance. There is no reason why wildcards would be limited to RSA.
Dedicated ECDSA roots and intermediates are scheduled for âBefore September 1, 2017â, according to the Upcoming Features page.
Of course, DNS CAA issuewild will be respected, right?
You create a wildcard DNS entry once, then use that to do whatever HTTP validation.
In a lot of contexts (e.g., shared web hosting) itâs much easier to manipulate a web server than DNS.
I see no reason why it shouldnât as CAA operates at the domain name level, at the same level as all your other DNS records.
Reading through the thread, will SAN be supported?
Although itâs often mistakenly thought of as an alias actually SANs (Subject Alternative Names) are a mandatory feature of all modern certificates in the Web PKI. So yes, as far as Letâs Encrypt is concerned a wildcard is just another SAN dnsName it will add to your cert if you prove control over the name and you will be able to have up to 100 of them in a cert or mix and match with ordinary fully qualified domain names.