I finally did this.
Create wildcard and main domain cert
$ sudo ./certbot-auto certonly \
--server https://acme-v02.api.letsencrypt.org/directory \
--manual --preferred-challenges dns \
-d mydomain.com -d '*.mydomain.com'
You will be asked to enter 2 challenges in your DNS as type TXT. Verify each one with the following command in a different terminal before continuing.
$ nslookup -type=TXT _acme-challenge.mydomain.com
When done, you will be told where your certs are. Either point your SSL conf files to that folder, or in my case I just renamed the old mydomain.com and created a symbolic link in that same folder called mydomain.com
$ ln -s /etc/letsencrypt/live/mydomain.com-0001 \
/etc/letsencrypt/live/mydomain.com
Nothing to restart unless you change your Apache conf files.
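
Added example, not part of the original post: mydomain.com and *.mydomain.com are both validated at the same name, _acme-challenge.mydomain.com, so both TXT values have to be visible at once before continuing in certbot. This sketch checks nslookup output for every expected value. The function names and the sample tokens are constructed, and it assumes nslookup prints answers as `text = "..."` lines, as the BIND version does.

```shell
#!/bin/sh
# Extract the quoted TXT strings from nslookup output on stdin, one per line.
txt_values() {
    sed -n 's/.*text = "\(.*\)"[[:space:]]*$/\1/p'
}

# missing_challenges LOOKUP_OUTPUT VALUE...
# Prints every expected value that is absent from the lookup output.
# Returns 0 only when all expected values are published.
missing_challenges() {
    lookup_output=$1
    shift
    found=$(printf '%s\n' "$lookup_output" | txt_values)
    rc=0
    for want in "$@"; do
        # -F literal match, -x whole line: no partial or regex matches
        if ! printf '%s\n' "$found" | grep -Fxq -- "$want"; then
            printf '%s\n' "$want"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample output: both challenge values are published.
SAMPLE_BOTH='Server:  192.0.2.53
Address: 192.0.2.53#53

Non-authoritative answer:
_acme-challenge.mydomain.com  text = "CONSTRUCTED-token-for-base-domain"
_acme-challenge.mydomain.com  text = "CONSTRUCTED-token-for-wildcard"'

# Constructed sample output: the second record was overwritten or has not
# propagated yet, so only one value is visible.
SAMPLE_ONE='Server:  192.0.2.53
Address: 192.0.2.53#53

Non-authoritative answer:
_acme-challenge.mydomain.com  text = "CONSTRUCTED-token-for-base-domain"'

# Live use (values are the two strings certbot displays):
#   missing_challenges \
#     "$(nslookup -type=TXT _acme-challenge.mydomain.com)" "$V1" "$V2" \
#     && echo "both challenges visible, safe to continue"
```

A missing value usually means the second TXT record replaced the first instead of being added alongside it, or that the change has not reached the resolver being queried.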