Anyone went with wildcard certificates to avoid disclosing subdomains in certificate transparency logs?