Hacker News
by bemused 2316 days ago
Set up your own DNS server for wildcard certificate validation on all your domains:

https://github.com/joohoi/acme-dns

Quite straightforward to set up - works great here for ~50 domains from various registrars.

2 comments

Wow. Why did I not think of this? Thanks for sharing.
This seems like a good idea... until your self-hosted DNS server starts getting DoS attacked. I've had seemingly innocent servers practically taken off the Internet with UDP/53 floods - very easy for any 12-year-old to execute.
This DNS server only needs to run for 5 minutes every 4 weeks while renewing certs - no open ports otherwise.