You’re assuming the people I offer certs for are people I don’t know? That’s not the case for me. Nobody will ever abuse this, because I own all domain names. Its users are relatives and friends.
This is not more dangerous than creating one cert for every user.
And the wildcard cert thing, how are you ever going to abuse that? Again: I control ALL names’ DNS records myself.
Aren’t you that guy telling people storing plain text passwords is not that bad in those VM videos? I mean seriously. I’m a CISSP, CFHI and CEH. You have no idea.
Then you should know that “He who designs the software and owns it makes the rules” the rest of us are just users who have opinions. Do you really trust your friends and relatives and their friends and relatives and all their social media “friends” - would you give them all your bank details and PIN access codes? Perhaps I don’t have any friends or relatives but I wouldn’t.
Remember what your proposing is a change to something used by many who do not share that close control over domain ownership and ownership of their users.
Virtualmin is a multitenant shared hosting system. We would never make it easy to do something that wildly dangerous on a shared hosting system, especially since there is no benefit to it? I mean, Let’s Encrypt certs are free. They are automatic (assuming you have DNS setup right). Why would you go out of your way to do something dangerous with them? It doesn’t make sense to me.