Today, to obtain a wildcard certificate it is necessary to use the DNS challenge because it is necessary to prove that you are the owner of the main domain and all the possible domains covered by the wildcard certificate. However, the DNS challenge cannot be easily automated.
I would like to propose an alternative and understand if it is feasible.
In the case of a Wildcard and HTTP challenge, Let’s Encrypt may ask to check N + 1 domains, N random and 1 the main one. For example if N were 3 and I wanted to get a wildcard certificate for the domain example.ext, Let’s Encrypt could ask me to verify these domains:
The random nature of the domains and the number of required domains should actually guarantee the generation of the certificate.
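To make the proposed exchange concrete, here is a small simulation of it, added as an illustration (it is not Let's Encrypt or ACME code and was not part of the post). The CA side draws N unpredictable labels under the base domain, adds the apex, issues a fresh token per name and fetches it over the standard HTTP-01 path; the applicant side is modelled as a function from (host, path) to a response body, with two constructed applicants: one whose zone has a wildcard DNS record sending every label to a single host, and one that controls only a fixed list of names. The domain, thumbprint and label length are constructed values.

```python
"""Simulation of the proposed wildcard validation: N random HTTP-01 challenges
plus one on the apex. Constructed example, not ACME or Let's Encrypt code."""
import secrets
import string
from typing import Callable, Dict, List, Optional, Tuple

LABEL_ALPHABET = string.ascii_lowercase + string.digits
CHALLENGE_PREFIX = "/.well-known/acme-challenge/"  # the real HTTP-01 path

# An origin is modelled as a function (host, path) -> body, or None when the
# name does not resolve / the server does not answer.
Origin = Callable[[str, str], Optional[str]]


def random_label(length: int = 12) -> str:
    """Unpredictable DNS label, so the applicant cannot stage it in advance."""
    return "".join(secrets.choice(LABEL_ALPHABET) for _ in range(length))


def pick_challenge_names(base_domain: str, n: int,
                         label_source: Callable[[], str] = random_label) -> List[str]:
    """The N + 1 names the CA would require: N random subdomains plus the apex."""
    if n < 0:
        raise ValueError("n must be non-negative")
    names = [f"{label_source()}.{base_domain}" for _ in range(n)]
    names.append(base_domain)
    return names


def key_authorization(token: str, account_thumbprint: str) -> str:
    """HTTP-01 response body: token, a dot, then the ACME account key thumbprint."""
    return f"{token}.{account_thumbprint}"


def validate_wildcard(base_domain: str, n: int, origin: Origin, account_thumbprint: str,
                      label_source: Callable[[], str] = random_label
                      ) -> Tuple[bool, Dict[str, bool]]:
    """CA side: fresh token per name, fetch it, compare. Every name must pass."""
    results: Dict[str, bool] = {}
    for name in pick_challenge_names(base_domain, n, label_source):
        token = secrets.token_urlsafe(32)
        body = origin(name, CHALLENGE_PREFIX + token)
        results[name] = body == key_authorization(token, account_thumbprint)
    return all(results.values()), results


def catch_all_origin(base_domain: str, account_thumbprint: str) -> Origin:
    """Applicant whose wildcard DNS record sends every label in the zone to one
    host, which answers any challenge path with the right key authorization."""
    def serve(host: str, path: str) -> Optional[str]:
        in_zone = host == base_domain or host.endswith("." + base_domain)
        if in_zone and path.startswith(CHALLENGE_PREFIX):
            return key_authorization(path[len(CHALLENGE_PREFIX):], account_thumbprint)
        return None
    return serve


def fixed_hosts_origin(hosts: List[str], account_thumbprint: str) -> Origin:
    """Applicant controlling only the listed names (say the apex and www);
    any other name does not resolve and yields no answer."""
    allowed = set(hosts)

    def serve(host: str, path: str) -> Optional[str]:
        if host in allowed and path.startswith(CHALLENGE_PREFIX):
            return key_authorization(path[len(CHALLENGE_PREFIX):], account_thumbprint)
        return None
    return serve


if __name__ == "__main__":
    thumb = "constructed-account-thumbprint"
    print("wildcard-DNS host:",
          validate_wildcard("example.ext", 3, catch_all_origin("example.ext", thumb), thumb))
    print("apex-and-www host:",
          validate_wildcard("example.ext", 3,
                            fixed_hosts_origin(["example.ext", "www.example.ext"], thumb), thumb))
```

Running it shows the two outcomes the proposal distinguishes: the applicant whose zone resolves every label to one correctly configured host passes all N + 1 checks, while the applicant that only controls a fixed set of names passes the apex check and fails the random ones. Note that the first case is satisfied by a single host behind a wildcard DNS record; that is the property a reviewer of the scheme would want to examine, since it is what the extra random names actually measure.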