Amin, StartSSL has obnoxious policies of its own, and the free certs may be just for personal use, and in any case they don't have free wildcards. But if you can get some certs from them and don't mind their requirements, that's great.
Samer, did you specify a license in the GlobalSign form? I suspect they check that field somewhat mechanistically. I guess we could always release some software as part of the conference. But they sound obnoxious anyway. I wonder if Let's Encrypt will have wildcards.
It also seems fine to me if we just funnel all the services through a single domain. We're proxying it all through one nginx instance anyway, if I understand correctly.
I think I can set up mail forwarding through Fastmail (I have the fancy account there) if you don't already have an email server of some type. It unfortunately looks like mxroute.com has eliminated their super cheap plans.