Just try it. The first example gets attacked by bots nearly immediately after issuing a TLS cert. The second one usually doesn't get detected at all.
replyWhat if you have a wildcard cert for *.example.com?
replyI worked at a company where the security team disliked wildcard certificates because it exposed us to the risk of someone, somehow, hosting something malicious on a subdomain.
replyMuch better. But you still leave traces from dns queries.
replySubfinder has a lot of sources to find subdomains, not only certs: https://github.com/projectdiscovery/subfinder