Wildcard certificates are the much, much easier case. You don't have to mess with your web server or routes at all. You just hook up certbot with your DNS provider and say "get me a cert for '*.mydomain.business'", run the renew in a cronjob (which certbot does automatically by default now) and never touch it again. I've had certbot running for like 4 years with no interruption with this setup.
The Venn Diagram of people who forgo managed hosting with SSL built-in and set up their own servers to host HTML pages on the internet and the people capable of following a guide to configure certbot is a circle.
Not all DNS providers are supported by certbot, so sometimes it's impossible to automate. It's not infrequent that I come across sites with expired certificates nowadays.
And what of those who have left their old site (that has no need for TLS) online for years without ever knowing 'insecure' HTTP is being deprecated? I don't think their sites breaking and showing warnings should be acceptable when the security benefits are so marginal.
It doesn’t really matter if all DNS providers are supported, because you can just delegate your _acme_challenge zone to any DNS provider that is, like Route53, or to your own DNS server.