Is it possible to have one certificate to cover *.*.domain?
If not, can someone help me write some script to update them whether I need a new subdomain and cover all its subdomains?
It appears you meant to write *.*.domain but the asterisks got interpreted by the forum's markdown parser as an emphasis of the first dot. 
No, it's not possible to issue a certificate with multiple wildcard labels. Additionally, it's only possible to have a wildcard label as a leftmost component. I.e this is also not possible: subsubdomain.*.example.net
7 Likes
I concur fully with @Nekit. There is nothing for certificates like what DNAME records do for DNS.
3 Likes
OK, is there at least an automated way to request one when needed?
Request one of what?
4 Likes
You've come to the wrong forum for free script writing help.
4 Likes
Yes, some acme clients support on demand certificates. Caddy is one example.
You will get several certificates, not one.
6 Likes