Sponge wouldn’t actually need to purchase a wildcard certificate for what most places sell them for: StartSSL class 1 certificates are free, and although they are meant for individuals it might be worth it to ask them to see if there is an option for a project like sponge, since sponge doesn’t really meet the requirements for either a personal or organizational validation.
It’s actually a decent chance that they would be allowed a free authentication, so they might be able to get a signed wildcard certificate for free.
The philosophy of StartCom is guided by the principle that our services are charged according to the effort we have to invest. Since Class 1 certificates are domain and/or email validated only and the process is performed mostly by electronic and automatic means, StartCom doesn’t apply any fees for this type of certification. StartCom started the certification authority a few years ago with the goal to provide free digital certification and adopted a unique business model previously unknown in this industry.
They have an SSL cert already. They’re not using it because I’m assuming they have a free cloudflare account. So… we need a premium cloudflare account.