Let's Encrypt doesn't have wildcard certificates, so you'd need to either support SNI on your SSL termination server or put every domain as a SAN entry. Having more than 20 domains in SAN is commonly not recommended (LE enforces an arbitrary limit of 100) because it increases the size of the certificate to the point where the TLS handshake significantly slows down.
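An added example, not part of the original comment: it DER-encodes the X.509 subjectAltName extension by hand to show how many bytes each extra hostname adds to a certificate. The hostnames are constructed placeholders, the counts 20 and 100 are the ones mentioned above, and only the SAN extension is measured, not the whole certificate or chain.

```python
# Size of the subjectAltName extension (OID 2.5.29.17) as hostnames are added.
# Pure standard library: the DER encoding is built by hand.

SAN_OID = bytes([0x55, 0x1D, 0x11])  # 2.5.29.17 (first two arcs pack to 2*40+5)


def der_len(n: int) -> bytes:
    """DER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, value: bytes) -> bytes:
    """One DER tag-length-value element."""
    return bytes([tag]) + der_len(len(value)) + value


def san_extension(names):
    """DER bytes of a non-critical SAN extension listing `names` as dNSName."""
    # dNSName is [2] IMPLICIT IA5String, so the tag is 0x82 and the name must
    # be ASCII (internationalised names have to be in their xn-- form already).
    general_names = b"".join(tlv(0x82, n.encode("ascii")) for n in names)
    ext_value = tlv(0x30, general_names)            # SEQUENCE OF GeneralName
    return tlv(0x30, tlv(0x06, SAN_OID) + tlv(0x04, ext_value))


def constructed_names(count: int):
    """Constructed sample hostnames, 19 characters each."""
    return [f"site{i:03d}.example.com" for i in range(count)]


def san_sizes(counts):
    """Map each hostname count to the SAN extension size in bytes."""
    return {c: len(san_extension(constructed_names(c))) for c in counts}


if __name__ == "__main__":
    for count, size in san_sizes([1, 20, 100]).items():
        print(f"{count:3d} names -> {size:5d} bytes of SAN extension")
```

Each dNSName entry costs its hostname length plus two bytes of tag and length, and the server sends those bytes in the Certificate message of every full handshake.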