Your current config will only match exactly for the SNI name domain2.com, and it won’t match for *.domain2.com.
To do that, you need to add another SSLHostConfig for *.domain2.com, pointing to the domain2.com certificate.
Likewise, hostName="*.domain2.com" would not match for x.y.domain2.com either; you would need yet another SSLHostConfig for further levels of wildcards.
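The layout described above, as an added server.xml sketch that is not part of the original reply. The port, protocol, keystore paths, password, the `_default_` host and the `*.y.domain2.com` entry are assumptions made for illustration.

```xml
<!-- Added example: port, keystore paths and passwords are placeholders. -->
<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true"
           defaultSSLHostConfigName="_default_">

    <!-- Assumed fallback host: used when the SNI name matches no other entry. -->
    <SSLHostConfig hostName="_default_">
        <Certificate certificateKeystoreFile="conf/default.jks"
                     certificateKeystorePassword="CHANGE_ME" />
    </SSLHostConfig>

    <!-- Exact name: selected for SNI "domain2.com" only. -->
    <SSLHostConfig hostName="domain2.com">
        <Certificate certificateKeystoreFile="conf/domain2.com.jks"
                     certificateKeystorePassword="CHANGE_ME" />
    </SSLHostConfig>

    <!-- One wildcard level: selected for www.domain2.com, api.domain2.com,
         and so on, but not for x.y.domain2.com. It points at the same
         keystore; that certificate must carry *.domain2.com as a subject
         alternative name, or clients will fail hostname verification. -->
    <SSLHostConfig hostName="*.domain2.com">
        <Certificate certificateKeystoreFile="conf/domain2.com.jks"
                     certificateKeystorePassword="CHANGE_ME" />
    </SSLHostConfig>

    <!-- A further level needs its own entry (hypothetical subdomain "y").
         A *.domain2.com certificate does not cover x.y.domain2.com, so this
         entry uses a separate placeholder keystore whose certificate lists
         *.y.domain2.com. -->
    <SSLHostConfig hostName="*.y.domain2.com">
        <Certificate certificateKeystoreFile="conf/y.domain2.com.jks"
                     certificateKeystorePassword="CHANGE_ME" />
    </SSLHostConfig>
</Connector>
```

To check which certificate each name receives, connect with `openssl s_client -connect HOST:8443 -servername NAME` and compare the subject returned for `domain2.com`, `www.domain2.com` and `x.y.domain2.com`.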