Wildcard SSL Certificates

Why must each installed product have its own SSL certificate? Can't we create a single SSL wildcard certificate and deploy it for every product installation?

Wildcard certificates do not protect a specific Web site: rather, they protect all the sites that fit a specific pattern. For example, a certificate for *.mydomain.com actually protects both server1.mydomain.com and server2.mydomain.com. Companies often use wildcard certificates to secure several servers that share load, for example, at e-commerce sites.

Every installation of a wildcard certificate must use the same private key, because the certificate is bound to a single key pair. Therefore, the owners of one installation can listen in on the private communication of another owner's server. When all the installations belong to the same company, this is not a problem, because they can trust each other. However, a wildcard certificate is not suitable for AutoSSL, where multiple personal Web servers running from private homes use the same domain.
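To make the pattern matching and the shared-key consequence concrete, here is an added Python example (not part of the original page and not AutoSSL code) that lists which hosts in an inventory a wildcard name covers, and therefore which hosts would all hold the same private key. It goes slightly beyond the text by also showing names the wildcard does not cover; the function names and all inventory entries other than server1 and server2 are assumptions made for illustration.

```python
# Added example: which hostnames a wildcard certificate name covers.
# Matching follows the rule commonly applied by TLS clients: "*" must be
# the entire left-most label and stands for exactly one label.

def wildcard_matches(pattern, hostname):
    """Return True if `hostname` is covered by certificate name `pattern`."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if "" in p_labels or "" in h_labels:
        return False                      # empty label: malformed name
    if "*" not in pattern:
        return p_labels == h_labels       # ordinary single-host certificate
    # Conservative choice in this example: accept "*" only as the whole
    # left-most label, followed by at least two fixed labels
    # (rejects "*.com", "w*.x.com" and "a.*.x.com").
    if p_labels[0] != "*" or len(p_labels) < 3:
        return False
    if any("*" in label for label in p_labels[1:]):
        return False
    # One label for the wildcard, then an exact match on the rest.
    return len(h_labels) == len(p_labels) and h_labels[1:] == p_labels[1:]


def shared_key_hosts(pattern, hostnames):
    """Hosts that would all hold the same private key under `pattern`."""
    return [h for h in hostnames if wildcard_matches(pattern, h)]


# Constructed sample inventory (server1/server2 are the page's examples,
# the other names are made up for illustration).
INVENTORY = [
    "server1.mydomain.com",
    "server2.mydomain.com",
    "mydomain.com",              # apex: not covered by *.mydomain.com
    "a.server1.mydomain.com",    # two labels deep: not covered
    "server1.otherdomain.com",   # different domain
]

if __name__ == "__main__":
    covered = shared_key_hosts("*.mydomain.com", INVENTORY)
    print("hosts sharing one private key:", covered)
```

Every host in the returned list is inside the same trust boundary: whoever controls one of them holds the key for all of them.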