I use LetsEncrypt on a (personal) site or two and on a couple for work.
We've got customers that mostly run Windows, however, and it's a helluva lot easier to, for example, just get a three-year certificate from <vendor>, install it, and then forget about it for the next three years.
Fortunately, I don't (usually) have to deal with the Windows boxes (i.e. actually installing and/or configuring the certificates) but I'm often the one acquiring the certificates.
CertSimple only does EV, and we do it completely differently from every other company: we check as much of your company's details before you pay, matching your order to a registered/active entity, flagging up things before asking for your credit card number, and helping you resolve any missing identification steps based on your company, order and the domain names involved.
I've been on HN for a decade and was at YC in Mountain View last week for the 10-min final interview last week (we didn't make it, which I blame on me being a jetlagged mess). OTOH the AirBnB we stayed in used a customer as their ISP.
We're used by a bunch of companies HN folks might know, including Travis, Tito, and Monzo.
The Symantec "this website is ssl protected by"-badge has high customer recognition and will raise conversion rates a tenth of a percent or two.
If I hadn't seen it repeatedly with my own eyes - most trust images will get you a small bump, for some reason Symantec performs the best. It's understandable and yet very frustrating!
It's not "Symantec", it's not "Norton", it's the "VeriSign checkmark". That's why they also bought the checkmark from VeriSign (which was also their corporate logo) when they acquired the CA business, and VeriSign went on and adopted a new corporate logo.
The checkmark been around since at least 1997, and in it existence it has been associated with the most trustworthy institutions. It has become a synonym of trust. That checkmark is one of Symantec's most valuable assets.
For small startups, probably not. Large organisations have far more stringent processes around certificates. Auditing, validation, testing, regulatory requirements, EV, support contracts and SLAs, etc.
Apart from the reasons posted earlier, "legacy" also comes into play.
Symantec acquired the CA business from the old VeriSign in 2010, which back then was the largest CA and had a large corporate client portfolio accustomed to paying $$$$ per certificate per year. Corporations can become very reluctant to change, even if it benefits them, and there are some who just pay up every year without researching alternatives or even being aware of any.
You will find that there are a lot of similarities with the domain name industry where there is also a company operating with a VeriSign heritage: Network Solutions. Network Solutions also charge premium prices, because their legacy customers expect those. And although market share is slowly eroding over the years and cheap (and even free) competitors rise, more than enough legacy customers stay on board to remain very profitable for many years to come. What definitely helps is that most of the processes in the domain registration and CA industries can be automated and don't need a lot of maintenance.
We use wildcard certs for a number of domains to support affiliate subdomains. So affiliate.example.com and affiliate2.example.com are all served by the same servers and thus all need to validate with one cert.
There's a limit to how many SAN's you can fit in one cert. There is apparently no defined upper bound, but dependent on the client's implementation. 25 - 100 names seems to be the common limit supported by most registrars.
In the parent poster's case, it sounds like a good use case for a wildcard cert. They may have thousands of affiliates, and may not know all of the affiliates ahead of time, so with a SAN cert, would need to reissue the certificate each time a new affiliate signs up.
I can't speak for Symantec, but folks use SSLMate (which resells Comodo) because of the customer support, the wildcard certificates, the lack of rate limits, and the central management of certificates (which integrates with Cert Spotter, our Certificate Transparency monitor). Also, some of our customers have special requirements and unfortunately can't automate certificate issuance. These customers want year long certificates with email validation, but still prefer using SSLMate's command line workflow over the clunky web interfaces of most CAs.
