Hi @lordgordon,
Unfortunately RFC 2818 is not relevant to today's internet - that's a dinosaur of an RFC that has long been supplanted by others. The particulars of the Web PKI are primarily specified in RFC 5280, and it washes its hands of how wildcards should be handled:
"Finally, the semantics of subject alternative names that include wildcard characters (e.g., as a placeholder for a set of names) are not addressed by this specification. Applications with specific requirements MAY use such names, but they must define the semantics."
In practice this means the semantics of matching a wildcard subject name are entirely imposed by web browsers and TLS clients, and that community has landed on allowing only one wildcard character as only the entire leftmost domain label.
Let's Encrypt's wildcard certificates are handled identically to all other CAs by the browser vendors and we cannot implement your feature request from our side. It would have to be adopted by all possible client software.
Edit: We would also have to contend with the CA Browser Forum's Baseline requirements. Presently they define a "wildcard domain" as:
"A Domain Name consisting of a single asterisk character followed by a single full stop character (“*.”) followed by a Fully-Qualified Domain Name."
Allowing multiple wildcard labels would likely run afoul of the baseline requirements.
Hope that helps explain things!
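
The matching rule described in the post above (a single wildcard, only as the entire leftmost label, in the "*." plus FQDN shape of the Baseline Requirements definition) can be written out as a small checker. This is an added example, not part of the original post and not code from Let's Encrypt or any browser; the function names and sample hostnames are constructed, and it assumes the usual client behaviour that the wildcard stands for exactly one label.

```python
# Added illustration: function names are hypothetical, sample names are constructed.

def is_valid_wildcard_pattern(pattern: str) -> bool:
    """True if pattern is '*.' followed by a name with no further asterisks."""
    if not pattern.startswith("*."):
        return False
    rest = pattern[2:]
    labels = rest.split(".")
    # Every remaining label must be non-empty and must not contain a wildcard.
    return bool(rest) and all(labels) and "*" not in rest


def matches(pattern: str, hostname: str) -> bool:
    """Match a certificate name against a hostname the way TLS clients commonly do."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    # Rejects '*.*.example.com', 'w*.example.com', 'www.*.example.com', etc.
    if not is_valid_wildcard_pattern(pattern):
        return False
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    # Assumption: the wildcard covers exactly one non-empty label,
    # so both names must have the same number of labels.
    if len(p_labels) != len(h_labels) or not h_labels[0]:
        return False
    return p_labels[1:] == h_labels[1:]


def run_samples() -> dict:
    """Evaluate constructed (pattern, hostname) pairs and return the results."""
    samples = [
        ("*.example.com", "www.example.com"),
        ("*.example.com", "example.com"),
        ("*.example.com", "a.b.example.com"),
        ("*.*.example.com", "a.b.example.com"),
        ("w*.example.com", "www.example.com"),
        ("www.*.example.com", "www.a.example.com"),
    ]
    return {pair: matches(*pair) for pair in samples}


if __name__ == "__main__":
    for (pattern, host), ok in run_samples().items():
        print(f"{pattern:20} {host:20} {'match' if ok else 'no match'}")
```

Only the first sample matches; a multi-label wildcard such as `*.*.example.com` is rejected before any hostname comparison takes place.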