Certbot / Let's Encrypt Wildcard Certificates - Ubuntu 17.xx

Wildcard is supported as of Certbot 0.22.2

Currently, version 0.22.2 is only available on the Ubuntu 17.xx repository. Other Linux distributions may differ of course. If you currently have Certbot installed under 17.xx you may wish to "certbot delete" and "apt purge" it first. In other words you should probably start over.

Install Certbot:
sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install certbot 

Certbot should now be at version 0.22.2 or greater:
$ certbot --version
certbot 0.22.2

Edit this file to use new/proper version of LetsEncrypt (ACME v02):
sudo nano /etc/letsencrypt/cli.ini
Add this line at end:
server = https://acme-v02.api.letsencrypt.org/directory

Update this line to your domain and execute:
sudo certbot --agree-tos --manual --preferred-challenges dns certonly -d *.domain.tld

At this point, just follow the prompts.
When it prompts for you to add a DNS TXT record, you will need to do that. As far as I know, other validation/plugins do not support newest LE (yet).