Having a certificate for any subdomain has implications for other sibling domains, even without a wildcard certificate.

By default, web browsers are a lot less strict about Same Origin Policy for sibling domains, which enables a lot of web-based attacks (like CSRF and cookie stealing) if your able to hijack any subdomain

The Wikipedia page says the following :

On January 28, 2015, the ACME protocol was officially submitted to the IETF for standardization.[28] On April 9, 2015, the ISRG and the Linux Foundation declared their collaboration.[9] The root and intermediate certificates were generated in the beginning of June.[29] On June 16, 2015, the final launch schedule for the service was announced, with the first certificate expected to be issued sometime in the week of July 27, 2015, followed by a limited issuance period to test security and scalability. General availability of the service was originally planned to begin sometime in the week of September 14, 2015.[30] On August 7, 2015, the launch schedule was amended to provide more time for ensuring system security and stability, with the first certificate to be issued in the week of September 7, 2015 followed by general availability in the week of November 16, 2015.[31]

So we’ll have another anniversary to celebrate in nearly a year

I did not have the money to pay the insane amounts these greedy for-profit certificate authorities asked, so I only remember the pain of trying to setup my self-signed root certificate on my several devices/browsers, and then being unable to recover my private key because I went over the top with securing it.