For my previous use cases, it's ideal for dynamically created subdomains of a web application. If I know ahead of time, it's easy to grab a cert for any subdomain. However if a user is creating subdomains for a custom site or something similar, it's much nicer/easier to have the wildcard cert.

The lets-encrypt demo makes it look like you could easily script cert acquisition for new subdomains. And the CA domain validation appears to be totally automated (and fast).

The downside is that now I have to manage and deal with multiple certs for all of my sub-domains, rather than dealing with a single cert/key pair.

Lots of services create dynamic subdomains in the form of "username.domain.com". To offer SSL on those domains without a wildcard certificate, you'd need to obtain a new certificate and a new IPv4 address every time a user signs up. You also need to update configuration and restart the web server process.

You don't need a new IPv4 address for each cert. That's for Windows XP. Just stop giving a shit about XP and use SNI. Problem solved.

Try telling that to any business. XP's marketshare worldwide is between 10-20% according to some metrics (cursory google result: http://www.netmarketshare.com/operating-system-market-share....)

There are very few companies out there that are okay with serving 1/5th of their potential customers an error page, and for good reason.

Looking at a recently created map by cloudflare (http://blog.cloudflare.com/introducing-universal-ssl/ http://cloudflare.github.io/sni-visualization/) it looks that a large portion of that seems to come from china.

A quick glance over EU countries reveals that more than 91% of potential users support SNI.

It might depend on your line of business but I think for some entities this might be a viable option