Wildcard certificates via http-01

Pointing every other subdomain to the webserver can be done two ways:

  1. The domain admin can create every subdomain as an individual DNS record. That way, applying for a wildcard certificate via http-01 won’t work, because only those subdomains explicitly pointed to the webserver will resolve to it. And that is correct. So, using http-01 to obtain a wildcard certificate won’t cause an issue here.

  2. The domain admin can create a DNS record for mail.example.org and a wildcard record which points to the webserver. In that situation, the webserver admin can obtain a wildcard certificate via http-01. In this case there is no issue either. The webserver obtained a wildcard certificate in a valid way, because it matches the DNS setting (both contain *.example.org). Admittedly, it should not be valid for mail.example.org, but since the DNS already catches that case, it’s all fine.

Don’t see a wildcard certificate as an ‘own-it-all’ thing, but as an ‘own-the-remaining’ thing. The DNS is the authority in this case. Giving a wildcard certificate instead of several subdomain certificates is just a convenience.
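As an added illustration of the second scenario (this is example code, not part of the original post), the script below contrasts the two kinds of wildcard that are easy to confuse: a DNS wildcard record, which follows RFC 4592 and catches names of any depth unless a closer name exists, and a wildcard name in a certificate, which per RFC 6125 matches exactly one label. The zone, the addresses (documentation ranges) and the host names are constructed for the example; `resolve`, `cert_name_matches` and `audit` are names chosen here, not an existing library API.

```python
# Added example (not from the original post): contrast how a DNS wildcard record
# resolves names with how a wildcard certificate name matches host names.
# The zone, addresses and host names below are constructed for illustration.

WEBSERVER = "203.0.113.10"    # constructed address for the webserver
MAILSERVER = "198.51.100.25"  # constructed address for the mail host

# Constructed zone: an explicit record for mail plus a wildcard catching the rest
# (the second scenario described in the post).
ZONE = {
    "example.org": WEBSERVER,
    "mail.example.org": MAILSERVER,
    "*.example.org": WEBSERVER,
}


def resolve(zone: dict, hostname: str):
    """Toy resolver implementing RFC 4592 wildcard semantics.

    An explicit record always wins. Otherwise the answer is synthesised from
    '*.<closest encloser>', where the closest encloser is the longest ancestor
    that exists in the zone (including empty non-terminals). Because of that
    rule a DNS wildcard covers names of any depth (a.b.example.org) but not
    names under an existing sibling (x.mail.example.org). Returns None for
    NXDOMAIN.
    """
    name = hostname.lower().rstrip(".")
    if name in zone:
        return zone[name]
    labels = name.split(".")
    for i in range(1, len(labels)):
        ancestor = ".".join(labels[i:])
        exists = ancestor in zone or any(k.endswith("." + ancestor) for k in zone)
        if exists:
            return zone.get("*." + ancestor)
    return None


def cert_name_matches(san: str, hostname: str) -> bool:
    """Does a certificate subjectAltName entry cover `hostname`?

    Rules as applied by browsers / RFC 6125: case-insensitive; a wildcard must
    be the whole left-most label; it matches exactly one label, so
    '*.example.org' covers neither 'example.org' nor 'a.b.example.org'.
    """
    san = san.lower().rstrip(".")
    name = hostname.lower().rstrip(".")
    if not san.startswith("*."):
        return san == name          # plain names must match exactly
    if "*" in san[1:]:              # reject further wildcards, e.g. '*.*.example.org'
        return False
    suffix = san[1:]                # '.example.org'
    if not name.endswith(suffix):
        return False
    left = name[: -len(suffix)]     # the part the wildcard has to absorb
    return bool(left) and "." not in left


def audit(zone: dict, cert_sans: list, hostnames: list) -> dict:
    """For each name: where DNS sends it, whether that is the webserver (so an
    http-01 challenge for that name would reach the webserver), and whether the
    certificate names given actually cover the name."""
    report = {}
    for h in hostnames:
        addr = resolve(zone, h)
        report[h] = {
            "address": addr,
            "served_by_webserver": addr == WEBSERVER,
            "covered_by_cert": any(cert_name_matches(s, h) for s in cert_sans),
        }
    return report


if __name__ == "__main__":
    names = ["www.example.org", "mail.example.org", "a.b.example.org",
             "x.mail.example.org", "example.org"]
    for host, row in audit(ZONE, ["*.example.org"], names).items():
        print(f"{host:22} -> {row}")
```

The two rows worth reading side by side are mail.example.org (covered by the wildcard certificate, but DNS never sends it to the webserver, which is the post's point) and a.b.example.org (sent to the webserver by the DNS wildcard, yet not covered by the *.example.org certificate, because a certificate wildcard spans a single label).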