TheHolm

what exactly do you mena under subdomains? Any DNS provider will support adding NS entries for subdomains if you want to host you sub-zone somwhere, And any should allow you to use names with "." in it for "fake" subzone, like
a.subzone1 IN A x.x.x.x
a.subzone2 IN A y.y.y.y

nope, it is very deeply customized debian. Need to be installed from scratch.

Open source projects need to make money somehow. I found VyOS method quite acceptable. They giving good instruction and tools to build your own stable ISO. So do not be lazy or contribute somehow. Unfortunately their paid support costs too much. I was considering trying to push VyOS to be used as virtual router at my work, but it costs more than Cisco C8000v

Try VyOS. I run it on APU2 myself. No GUI no convolution.

Very strange line from specs.
USB Driver Windows XP/7/8/10/11, Linux (driver free on Raspberry Pi Raspbian system)
Does it mean binary blob driver only? and you need to pay for it to use it on PC?

If you still use HTTP for cert verification on ACME, you are doing it wrong. Use DNS-01 only, there is no need to allow any inbound traffic to your servers. and HTTP will not give you wildcard anyway.

using wildcards is really bad security practice. and at age of ACME absolutely unnecessary.

No HA. Classic HA is evil, shared control plane is good way to loose both FWs. Need redundancy use 2 independent FW + routing protocols. Losing session states during fail-over is not a big problem these days. I did in-place upgrades, but I'm running LTS and not yet done any major version upgrades. So far no problems.

Sorry, what do yo want to know? IT just a linux based router pretended to be a juniper FW. NAT/IPv6/PPPoE/VRFs are working as expected.

Can you promise a near 100% uptime? Otherwise, some email might not reach you. Just lol. Mail get queued just fine by everyone. If you really concern , setup second MX.

VyOS: Debian based router + firewall. Linux makes it easier for people to pick up the CLI but I’ve heard complaints about it being difficult to follow. Currently CLI only, at least without third-party solutions, but is powerful and competes directly with OPNsense for features for the most part. Seems to be just as stable. my mistake, FOSS version is not LTS but a rolling release and needs to be compiled.

Very misleading statement. Both rolling and LTS are FOSS, they just do not provide LTS binaries for free. Want LTS? build it yourself , all tools and guides(bit outdated) is out there. It will took 30 min you your time to setup.

Stable is not "pay only" . Just build it yourself, all tools are available. it will take 30 minutes of your time if you have docker environment ready.