First, I plan to use a cheap RapidSSL certificate or something similar for domain.tld & www.domain.tld, and Let’s Encrypt for everything else. I’ve never used LE’s wildcard feature and I see lots of potential for mistakes. Aside from running LE’s script in dry run mode first, does anybody have suggestions or caveats about mixing certificates this way?
Second, for the purposes of using a LE wildcard certificate, is an Apache config necessary and do I need a wildcard subdomain created in Siteworx? Or will a wildcard A record or CNAME for *.domain.tld be enough? The former makes the most sense, where as the latter seems like any directory can be translated into a subdomain, which sounds like trouble to me.
I’m interested in best practices, pros & cons, etc. Thanks!