Letsencrypt.org recently started making production wildcard certs available. https://community.letsencrypt.org/t/acme-v2-production-environment-wildcards...
Now also covering balug.org :-) (and sf-lug.org, sf-lug.com) $ TZ=GMT0 nmap -6 -Pn -r -sT -p 443 --script=ssl-cert www.balug.org | egrep -e '^(Nmap scan report for |Other addresses for || (ssl-cert: Subj|Subject Alt|Not valid a))' Nmap scan report for www.balug.org (2001:470:1f05:19e::2) Other addresses for www.balug.org (not scanned): 198.144.194.238 | ssl-cert: Subject: commonName=*.balug.org | Subject Alternative Name: DNS:*.archive.balug.org, DNS:*.balug.org, DNS:*.beta.balug.org, DNS:*.ipv4.balug.org, DNS:*.ipv6.balug.org, DNS:*.new.balug.org, DNS:*.php.test.balug.org, DNS:*.secure.balug.org, DNS:*.test.balug.org, DNS:*.wiki.balug.org, DNS:balug.org | Not valid after: 2018-06-15T07:39:09 $