At least for many web apps the future is likely automatically created and managed domain validated certificates. Amazon and Azure provide these free of charge and then you have Let’s encrypt.

This does not change the CA paradigm, but removes many operational issues.