You have to use a DNS-based authenticator (which can be -a manual, with or without a script to automate the DNS changes). You can still use the Apache installer, with -i apache. On the other hand, --apache tries to use both the Apache authenticator and installer, but the authenticator doesn't have a way to satisfy DNS challenges, so it can't obtain wildcard certificates.
It should be possible to use an existing --cert-name, but I'm not sure that all scenarios for that have been well-tested yet; if you run into problems with this, please let us know and we can try to sort it out. (Edit: I can think of a reason that it might fail, so I'll be very interested to hear about anyone's experience when trying this.)