by techsupporter 4023 days ago
Seems very clever, but I have to ask:

> DV certificates are $15.95/year per domain,

Not a bad price, very much one I'd be willing to pay in order to get certificates via a CLI.

> or $149.95/year for unlimited sub-domains.

Ouch, 10x for a wild card? Why do issuers do this? It really puts a crimp on the whole "hobbyist doing hobbyist things" since that's $150/year just to not have cert errors on a single domain.

(FWIW, I'm deliberately excluding StartSSL for a variety of reasons.)

3 comments

The cynic in me presumes that it's to make up for the lost cash in charging you individually for all those subdomains.

What do you mean about cert errors on a single domain [requiring a wildcard]? Because you use a lot of subdomains, or the bare domain/www. prefix?

If it's the latter, I think some (many?) registrars may let you add one or more SubjectAltName[1] values to a single cert for free or minimal cost, at least compared to a wildcard.

[1] Other values for which the certificate is considered valid: https://en.wikipedia.org/wiki/SubjectAltName

I wonder why you're excluding StartSSL. It's no matter if you trust them as long as all major OS/browsers trust them.

Could be it also discourages script kiddies from pulling antics.

Not sure why you've been downvoted - this is pretty much the reason for elevated pricing of wildcard certs. They are more open to abuse (have seen them used for phishing sites), so the issuer carries a higher risk of having to do additional management around the cert (i.e. revocations), so therefore charge more.