[ultramancool]

It's very, very hard for traditional CAs to compete with free, trusted in all major platforms and with dead simple set up. Hopefully this sort of scheme, combined with the added trust of Certificate Transparency, can kill off most traditional CAs.

The only reason I would still buy 1 certificate is for wildcard support.

[josho]

Wait. Where can I get free certs today? Or did you mean once this service goes live?

I've used StartSSL, but somehow messed up the process and can't issue a new cert unless I pay to revoke the current. Even then their free certs expire in a year.

The only other free cert I found was from Comodo, but it expires after 90 days.

So, I wouldn't exactly say the only reason to pay for a cert is for wildcard support.

[ultramancool]

Yes, I was saying once this service goes live. But currently I've had 0 issues with StartSSL including renewals and getting multiple certs for a single domain. You do not need to revoke to get more certs from it in my experience at least. Paying for certs is just generally pointless right now even.

[bobzilla42]

You can use a different dummy subdomain as the first entry to issue another cert, adding the subdomains you really want as secondaries. See https://kuix.de/blog/index.php?entry=entry140827-231120