I know that currently (Feb 2018) wildcard certs are not yet available, but my question anticipates their availability in the near future.
I have several servers that split the functionality of the same app.
My goal is to limit the number of certs, and my question is formulated under the assumption that Let's Encrypt provides wildcard certs.
My question is twofold.
Do I need multiple certs since I have multiple servers?
If yes, so if I need 2 certs for 2 servers, can these certs act as a wildcard cert on sub1.domain.com and another cert on sub2.domain.com? In other words, can a wildcard cert also be on a subdomain (and related subdomains), or is a wildcard cert only applicable on domain.com and not on sub1.domain.com?
*.example.com -> covers sub1.example.com and sub2.example.com but not example.com nor thirdlevel1.sub1.example.com
*.sub1.example.com -> covers thirdlevel1.sub1.example.com and thirdlevel2.sub1.example.com but not sub1.example.com or anything lower
Wildcards don’t usually cover all the domains you want so they are typically combined with a non-wildcard domain listing. Let’s Encrypt will allow you to list a mix of 100 wildcard and non-wildcard domains on a certificate.
Judging by your example you would want two certificates:
*.sub1.example.com and sub1.example.com
*.sub2.example.com and sub2.example.com
You do not necessarily need two certificates for the two servers, but it is usually easier and always more secure to use different certificates on different servers where possible.
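The coverage rules listed in the answer above can be checked mechanically before requesting certificates. The following is an added example, not part of the original thread: the function names and the sample hostnames are assumptions made for illustration, and the matcher implements only the single-leftmost-label wildcard rule described above.

```python
MAX_NAMES = 100  # per-certificate name limit quoted in the answer above


def san_matches(pattern: str, hostname: str) -> bool:
    """Return True if one certificate name covers the hostname."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    # A wildcard never spans label boundaries, so label counts must agree.
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # "*" stands for exactly one leftmost label; the rest must be equal.
        return p[1:] == h[1:]
    return p == h


def uncovered(cert_names, hostnames):
    """Return the hostnames that no name on the certificate covers."""
    if len(cert_names) > MAX_NAMES:
        raise ValueError("too many names for one certificate")
    return [h for h in hostnames
            if not any(san_matches(n, h) for n in cert_names)]


# Constructed sample data: the certificate suggested for the first server,
# a wildcard-only alternative, and hostnames that server might answer for.
CERT_SUB1 = ["*.sub1.example.com", "sub1.example.com"]
WILDCARD_ONLY = ["*.example.com"]
SERVER1_HOSTS = [
    "sub1.example.com",
    "thirdlevel1.sub1.example.com",
    "a.thirdlevel1.sub1.example.com",
]

if __name__ == "__main__":
    for label, names in (("sub1 cert", CERT_SUB1),
                         ("wildcard only", WILDCARD_ONLY)):
        print(label, "leaves uncovered:", uncovered(names, SERVER1_HOSTS))
```

Any hostname reported as uncovered would produce a name-mismatch error in clients, so it needs either its own entry or a wildcard one level above it on the certificate.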