Run following command for obtaining a wildcard certificate:
certbot certonly --manual --preferred-challenges dns --agree-tos -d *.example.com
Then follow certbot instructions for adding TXT record to your domain.
Example of DNS bind9 record:
; Letsencrypt verification _acme-challenge TXT "xxxxxxxxxxx_xxxxxxxxxxxxx_xxxxxxxxxxxxxxxx"