
Wildcard domains aren't supported by Let's Encrypt last I checked.

StartCom provided GNOME with a free account which can create certificates (including the wildcard ones and so on). Those are pretty much mandatory in certain cases (secure Bugzilla attachment hosting).



I actually asked Eddy Nigg (StartCom CTO) to do the GNOME deal and give us SSL certs for free (back when I was able to ssh/irc from work and be a member of the GNOME Sysadmin Team), which they did. As much hate as they get, they are one of the few "secure" CAs of all of them I've ever worked with. One of the quieter things when it was first revealed Comodo was hacked was that StartCom was also hacked. Eddy went on the record bragging that not a single rogue SSL certificate was issued, as they have a human validate every single certificate request (yes, seriously), and that prevented any rogue certificates.

So as much as people think StartCom is scummy, they are actually pretty decent people. They're also quite secure. So YMMV.

This was long before the alleged sale to China though, maybe 5-8 years ago? I forget.


They definitely don't visually check every cert any more. They're issued instantly.


Oh, I wasn't referring to their lame knock-off Let's Encrypt product, but their main SSL cert.


Their normal ones are issued instantly also.


GlobalSign gives free wildcard certificates to open source projects: https://www.globalsign.com/en/company/press/061913-globalsig...


I agree with you, there is no alternative to StartCom right now in wildcard certs. While GNOME got a free account to get those certs, the last time I checked it was still the cheapest way to get wildcard certificates (60 USD for unlimited wildcard certs).

It also removes the complexity of having to deploy Let's Encrypt certificates every X months without storing the LE account key online. But if they release certificates for anybody claiming to be you, there is no advantage in this area.


> Wildcard domains aren't supported by Let's Encrypt last I checked.

But with ACME, the need for wildcard certs is strongly reduced. If you don't need dynamic, on-the-fly subdomain creation, it's trivial to have Let's Encrypt generate certs with all the subdomains you need (especially now that the limits are much higher than during beta).


I believe that's exactly the use case of secure Bugzilla attachment hosting the OP mentioned. IIRC, it will generate the subdomain on the fly using ticket ID in the form of bug12345.bugzilla.example.com to host the attachment.
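The two comments above turn on what a certificate's name list actually covers: an ACME-issued cert enumerates every hostname as a subjectAltName entry, while a wildcard covers names that did not exist at issuance time. The block below is an added example (not code from this thread, from Bugzilla or from Let's Encrypt) that implements the RFC 6125 wildcard matching rule and runs three constructed SAN lists against the kind of dynamic hostname mentioned for Bugzilla attachments. The SAN lists and hostnames are constructed for illustration; the one thing it demonstrates beyond the thread is that a wildcard matches exactly one DNS label, so `*.example.com` does not cover `bug12345.bugzilla.example.com` and the Bugzilla case needs a wildcard one level down.

```python
"""Hostname matching against a certificate's subjectAltName (SAN) list.

Added example, not code from the thread or from Bugzilla/Let's Encrypt.
Implements the RFC 6125 section 6.4.3 rule: '*' is accepted only as the
entire left-most label and it matches exactly one label. All SAN lists
and hostnames below are constructed for illustration.
"""


def hostname_matches(pattern: str, hostname: str) -> bool:
    """Return True if a single SAN dNSName entry covers hostname."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    # Reject partial wildcards such as "b*.example.com" and wildcards
    # directly under a public suffix such as "*.com".
    if p_labels[0] != "*" or len(p_labels) < 3:
        return False
    # The wildcard stands in for exactly one label, so label counts
    # must agree; "*.example.com" never covers "a.b.example.com".
    if len(h_labels) != len(p_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def cert_covers(san_names, hostname: str) -> bool:
    """Return True if any SAN entry in the certificate covers hostname."""
    return any(hostname_matches(name, hostname) for name in san_names)


# Constructed SAN list as ACME would issue it: every name spelled out.
ACME_SAN = ["www.example.com", "bugzilla.example.com", "git.example.com"]
# Constructed wildcard cert at the apex.
APEX_WILDCARD = ["example.com", "*.example.com"]
# Constructed wildcard cert one level down, for per-ticket attachment hosts.
BUGZILLA_WILDCARD = ["bugzilla.example.com", "*.bugzilla.example.com"]


def coverage_report(hostname: str) -> dict:
    """Which of the three constructed certificates would serve hostname."""
    return {
        "acme_san": cert_covers(ACME_SAN, hostname),
        "apex_wildcard": cert_covers(APEX_WILDCARD, hostname),
        "bugzilla_wildcard": cert_covers(BUGZILLA_WILDCARD, hostname),
    }


if __name__ == "__main__":
    for host in ["git.example.com",
                 "bugzilla.example.com",
                 "bug12345.bugzilla.example.com"]:
        print(host, coverage_report(host))
```

The enumerated ACME list serves the static hosts but not a ticket-specific name minted after issuance, and the apex wildcard fails on it as well because the hostname has one label more than the pattern; only `*.bugzilla.example.com` covers the dynamic case, which is the argument for a wildcard on that zone rather than on the apex.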


Ah, interesting. Haven't worked with Bugzilla for years, didn't know they added this.



