Use Free Certificates. Always Use a Certificate.
Azure added free DigiCert SSL certs! Check it out on Microsoft Docs.
No wildcard certs but they are free and managed, so since subdomains are free, who cares if its not a wildcard.
So you don't need to do the CertBot stuff anymore if you're on Azure. Using a cert bot is good too. If your cloud doesn't have free certs use Let's Encrypt.
By the way, AWS had free certs already if you use AWS Certificate Manager.
Don't pay for certs, and you should always get a cert.
|use free certs