i have got a cert for *.example.com
and i found that example.com (root domain) saying the identify can't be verified
my command: ./certbot-auto --server https://acme-v02.api.letsencrypt.org/directory -d "*.yii2.cc" --preferred-challenges=dns --manual certonly
Implementing validation that way is more difficult with our current codebase. Adding two TXT values to the DNS is certainly permitted and separating the authorizations for the base domain and the wildcard also allows for more flexibility in using a non-DNS-01 challenge for the base domain.
Thanks for the feedback but this is unlikely to change in the near term. I recommend you adjust your side accordingly and set both TXT values.