ACME V2: does wildcard SSL cover the base domain too?

If you want to setup a Wildcard certificate on your domain:
sudo ./certbot-auto certonly --server --manual --preferred-challenges dns -d * -d

Notice to first write the wildcard, next the base domain. It doesn’t really matter, but if you do it like this, the webbrowser will actually show that the certificate is issued for * (the first domain in the list) instead of just (without wildcard).

The script will ask you to create a DNS TXT record in your DNS.
Off course it may take a while before the DNS record is propagated but it doesn’t really matter. If you run the same command later on (like the day after) it will ask you to create the EXACT SAME TXT record.

When the first challenge succeeded (wildcard), you must also perform the challenge for the base domain. Just open your DNS mgmt again and edit the existing DNS TXT record with the second value. Then press enter again and the second challenge will succeed immediately.