Even with good tooling the current restrictions on Let's Encrypt make it impossible, you can batch many subdomains into 1 request however if you're requesting subdomains by customer username or similar, you can't exactly wait around to batch them. And you can only make a maximum of 5 requests per week, so unless you're incredibly tiny it's non-viable.
I don't understand why Let's Encrypt can't consider validation of the root domain good enough to produce a wildcard. Email at the root domain is what most providers use, not exactly much worse.
EDIT: It's now 20 per domain per week, better but still not viable for even a mid scale operation. A single wildcard is a much nicer and easier to maintain solution in any case.
I don't understand why Let's Encrypt can't consider validation of the root domain good enough to produce a wildcard. Email at the root domain is what most providers use, not exactly much worse.
EDIT: It's now 20 per domain per week, better but still not viable for even a mid scale operation. A single wildcard is a much nicer and easier to maintain solution in any case.