
FREE wildcard HTTPS certs from Let's Encrypt


tangor

4:12 am on Jul 7, 2017 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Let's Encrypt plans to begin offering free wildcard certificates in January 2018, a move likely to make web security easier and a bit less costly for many organizations.

Announced in 2014 as an effort to enhance and accelerate online security, the public benefit certificate authority (CA) has been issuing free X.509 (TLS/SSL) certificates through an automated process that allows websites, given the technical requirements, to be accessed over encrypted HTTPS rather than the unprotected HTTP.


[theregister.co.uk...]

Expanding the effort, with some caveats, such as having to renew every 90 days, but it is moving the web to better security.

moTi

5:25 am on Jul 7, 2017 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Wildcard DV certs cover a domain and any number of subdomains (*.example.com)

wow, that's what i've been looking for! i'm managing two international dot com websites catering to all the circa 200 countries in the world. like many other sites (e.g. de.wikipedia.org), i take the country code as subdomain.

what has always annoyed me is that many services see subdomains as completely different websites and not as part of one website. example.com/de is no problem, whereas de.example.com mostly is. i never understood why subdomains should have such issues, because they are naturally all served from one ip as well.

it's a major hassle to update these websites with letsencrypt. to renew the ssl certificates, they have to process several bulks of max 100 subdomains, which is their limit for bulk renewal. if you also provide random subdomains for user generated pages and the like, you are completely lost.

but from next year on i can conveniently wildcard them. great news!
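The post above leans on the statement that a wildcard covers "any number of subdomains", which is true for one label level only: under RFC 6125 section 6.4.3, `*.example.com` matches `de.example.com` but not `example.com` itself and not `a.de.example.com`. The following is an added example, not code from the thread or from Let's Encrypt, that implements the matching rule clients apply and shows why a wildcard certificate normally needs the bare domain as a second name. All hostnames and SAN lists in it are constructed for illustration.

```python
"""Hostname matching for wildcard certificate names (RFC 6125, section 6.4.3).

Added example; the hostnames and SAN lists below are constructed, not real deployments.
"""
from typing import Iterable


def wildcard_matches(pattern: str, hostname: str) -> bool:
    """Return True if the certificate name `pattern` covers `hostname`.

    Rules applied, as browsers and TLS libraries do:
      * comparison is case-insensitive and ignores a trailing dot;
      * a wildcard is honoured only as the entire leftmost label ("*.example.com"),
        never "w*.example.com" or "*.*.example.com";
      * the wildcard matches exactly one label: "*.example.com" covers
        "de.example.com" but neither "example.com" nor "a.de.example.com".
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname

    p_labels = pattern.split(".")
    h_labels = hostname.split(".")

    # Reject anything but a lone "*" as the leftmost label.
    if p_labels[0] != "*" or any("*" in label for label in p_labels[1:]):
        return False
    # Refuse wildcards on a public suffix such as "*.com" (no CA issues them).
    if len(p_labels) < 3:
        return False
    # The wildcard stands in for exactly one non-empty label.
    if len(h_labels) != len(p_labels) or h_labels[0] == "":
        return False
    return h_labels[1:] == p_labels[1:]


def cert_covers(san_names: Iterable[str], hostname: str) -> bool:
    """True if any name in the certificate's SAN list covers `hostname`."""
    return any(wildcard_matches(name, hostname) for name in san_names)


def coverage_report(san_names: Iterable[str], hostnames: Iterable[str]) -> dict:
    """Map each hostname to whether the given SAN list covers it."""
    names = list(san_names)
    return {host: cert_covers(names, host) for host in hostnames}


# Constructed SAN lists: the first is the mistake the caveat warns about.
WILDCARD_ONLY = ["*.example.com"]
WILDCARD_PLUS_APEX = ["example.com", "*.example.com"]

# Constructed hostnames: country-code subdomains, the apex, and a two-level name.
SAMPLE_HOSTS = ["example.com", "de.example.com", "fr.example.com",
                "user-4711.example.com", "a.de.example.com"]

if __name__ == "__main__":
    for label, sans in (("wildcard only", WILDCARD_ONLY),
                        ("wildcard + apex", WILDCARD_PLUS_APEX)):
        print(label, coverage_report(sans, SAMPLE_HOSTS))
```

The report shows that a single `*.example.com` name covers every one-level country-code or user-generated subdomain, but the apex `example.com` only becomes valid once it is added as its own SAN, and a nested name such as `a.de.example.com` would need a further `*.de.example.com` wildcard.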

graeme_p

8:48 am on Jul 7, 2017 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Renewing every 90 days is not really a problem with LetsEncrypt as it is usually automated.

phranque

9:38 am on Jul 7, 2017 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



i never understood why subdomains should have such issues, because they are naturally all served from one ip as well.

one of the primary geotargeting advantages of using subdomains for international sites is precisely so that each hostname can be hosted locally which would obviously require unique ip addresses.

Targeting site content to a specific country:
https://support.google.com/webmasters/answer/182192#2

moTi

9:14 pm on Jul 7, 2017 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Renewing every 90 days is not really a problem with LetsEncrypt as it is usually automated.

yes, but i have to maintain and update a list of all my subdomains in use for renewal. that list changes over time and i have to roll up the process every time i create a new subdomain. apart from the mentioned problem of unknown subdomains: impracticable. so i'm glad that letsencrypt will offer wildcards in the future.

one of the primary geotargeting advantages of using subdomains for international sites is precisely so that each hostname can be hosted locally which would obviously require unique ip addresses.

firstly, you don't have to and i think most webmasters don't use different ips for their subdomains. secondly, it is also technically possible to use different ips on one and the same domain. so, stupid distinction to handle subdomains differently in that respect. for that reason, i find it inappropriate that services (like letsencrypt for now) see subdomains as completely different websites, as if they don't belong to the same domain.

in other words: the assumption that example.com/de and de.example.com imply something other than just being different notations, is not only topically but even technically unsustainable.

LifeinAsia

10:13 pm on Jul 7, 2017 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



i find it inappropriate that services (like letsencrypt for now) see subdomains as completely different websites, as if they don't belong to the same domain.

You might want to take that up with Google and other search engines. :)

Actually, it's NOT unusual for subdomains to be completely different sites. I work with several subdomains that are not only hosted on completely different servers, but are operated by completely different companies. Using subdomains is a common practice by SaaS providers.

moTi

10:57 pm on Jul 7, 2017 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Actually, it's NOT unusual for subdomains to be completely different sites.

yes, but it's wrong to start from the premise that they actually are. could as well be, that different directories or other parts are hosted and operated by different companies. although inconvenient, it's technically feasible.

subdomain is an invalid distinguishing criterion. you simply can't tell from the web address which part of the website is attributable to whom. you will actually have to look at the site content to clear that up. what you can do is make a whois request, but then you get that information for the whole domain. so, the domain is the crucial criterion, nothing else. that's why subdomain wildcards are legit.

LifeinAsia

11:28 pm on Jul 7, 2017 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



different directories or other parts are hosted and operated by different companies

AFAIK, that configuration would be handled on your server, whereas subdomains going to different IPs could be handled at the DNS level (as well as on your server).

keyplyr

11:40 pm on Jul 7, 2017 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



I've been using Let's Encrypt certs on several sites for over a year. Never a problem, self-install easily every 90 days. I have a couple off-server utilities that can use the wildcard certs as well. Now I know where they'll be available.

Funny, as I recall there was someone here who very recently accused Let's Encrypt of being part of a bait'n switch conspiracy within the global security industry.

moTi

6:27 am on Jul 8, 2017 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



AFAIK, that configuration would be handled on your server, whereas subdomains going to different IPs could be handled at the DNS level (as well as on your server).

yes, you obviously can't point an ip to a directory directly through dns. but theoretically you could connect several ips to a single domain and then point each of them to different directories.

anyway, the point is, from a subdomain you cannot tell if it's a different website, only from a domain. finally, i guess that's what i wanted to say ;)

tangor

6:59 am on Jul 8, 2017 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



TANSTAAFL ... so there is a bait and switch somewhere down the line (grins). The fact that these are 90 day wonders is the get 'em in the door as fast as possible. When market saturation has been achieved the hammer falls (billing). Not against freebies (hence the report as some here might find it useful) but the gift horse is thoroughly examined by this kiddie and, by the same token there's a batch of providers out there skinning the unaware and that also needs to be called out as well.

disclaimer, I don't use Lets Encrypt, but they appear useful for some.

phranque

12:10 pm on Jul 8, 2017 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



Actually, it's NOT unusual for subdomains to be completely different sites.


yes, but it's wrong to start from the premise that they actually are.

the "host" part of the http url can be either a hostname or an IP address, so considering the url structurally you must consider a subdomain as if it were possibly hosted on a different server.
it would be "wrong to start from the premise that they actually" aren't.

https://www.w3.org/Protocols/HTTP/1.0/spec.html#http-URL
host = <A legal Internet host domain name or IP address (in dotted-decimal form), as defined by Section 2.1 of RFC 1123>


yes, you obviously can't point an ip to a directory directly through dns. but theoretically you could connect several ips to a single domain and then point each of them to different directories.


i understand that you can configure a server to Listen to several IP addresses and you can assign several of those IP addresses to a VirtualHost and give it a ServerName.
(assuming apache here)
i don't understand how you can translate the multiple IP addresses to the proper DocumentRoot directory specifications within a VirtualHost container...

https://httpd.apache.org/docs/current/urlmapping.html#documentroot
The DocumentRoot directive is set in your main server configuration file (httpd.conf) and, possibly, once per additional Virtual Host you create.
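The mapping asked about above is done by binding each VirtualHost to one IP address rather than by listing several addresses in one container: Apache picks the VirtualHost by the address (and port) the connection arrived on, and DocumentRoot is set once per VirtualHost. The configuration below is an added example, not from the thread or the Apache documentation; the 192.0.2.x addresses are from the documentation range, the /var/www paths are placeholders, and the certificate paths assume certbot's default /etc/letsencrypt/live layout.

```apache
# Added example: IP-based virtual hosting, one VirtualHost per address.
# Addresses, directories and certificate paths are placeholders.

Listen 192.0.2.10:443
Listen 192.0.2.20:443

# Connections that arrive on 192.0.2.10 get the German tree.
<VirtualHost 192.0.2.10:443>
    ServerName example.com
    DocumentRoot /var/www/example.com/de
    SSLEngine on
    SSLCertificateFile    /etc/letsencrypt/live/example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
</VirtualHost>

# Connections that arrive on 192.0.2.20 get the English tree.
<VirtualHost 192.0.2.20:443>
    ServerName example.com
    DocumentRoot /var/www/example.com/en
    SSLEngine on
    SSLCertificateFile    /etc/letsencrypt/live/example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
</VirtualHost>
```

This makes the "several IPs on one domain, each to a different directory" setup work at the server level, but it does not give you a way to steer visitors: if both addresses are published as A records for example.com, DNS hands every client both and the client chooses, so which directory a given visitor lands in is effectively random. That is the practical reason the per-hostname (subdomain) split is what DNS and geotargeting can actually act on.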

phranque

12:28 pm on Jul 8, 2017 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



in other words: the assumption that example.com/de and de.example.com imply something other than just being different notations, is not only topically but even technically unsustainable.


you are correct about the topical part and google will typically treat subdomain vs subdirectory url structures equally in that sense.

Google On How They Treat Subdomains vs Subdirectories In 2016:
https://www.seroundtable.com/google-treat-subdomains-vs-subdirectories-22485.html

however if your /de url is structured for geotargeting (as opposed to language targeting) you won't be able to optimize for that by hosting locally.

Targeting site content to a specific country:
https://support.google.com/webmasters/answer/182192#2