I get: "Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS."
From what I can tell, I need a TXT record, but when I tried that for the wildcard domain, it ignores the * and creates it only for the root domain.
certbot certonly --manual --preferred-challenges dns -d einsteinmedneuroscience.org -d *.einsteinmedneuroscience.org -d neuronair.org -d www.neuronair.org
What am I doing wrong?
You do need a TXT record, but it can't be for _acme-challenge.*.domain.com, because that's an invalid domain. You'd instead create it for _acme-challenge.domain.com. If you're creating a cert for the root domain as well, you'd enter two TXT records (with different values) for _acme-challenge.domain.com.
When you request that certificate, it will ask you to create 2 TXT records for _acme-challenge.einsteinmedneuroscience.org. That’s exactly what you wanted to put on your DNS console. The * got ignored because there’s no point in creating a record for ALL subdomains’ subdomain… (and I think some DNS providers don’t support this)
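The name mapping both replies describe, as an added example that is not part of the original thread: it derives the DNS-01 validation name for each requested identifier, groups the TXT values that must coexist at a shared name, and reports which values are still absent from a zone. It goes slightly beyond the replies by also computing the TXT content the way RFC 8555 defines it. The function names, tokens and account thumbprint are constructed for illustration; in a real run the tokens come from the CA and certbot prints the finished TXT values.

```python
import base64
import hashlib
from collections import defaultdict

def challenge_name(identifier):
    """DNS-01 validation name; a leading "*." is dropped (RFC 8555, section 8.4)."""
    base = identifier[2:] if identifier.startswith("*.") else identifier
    return "_acme-challenge." + base.rstrip(".").lower()

def txt_value(token, thumbprint):
    """TXT content: unpadded base64url of SHA-256(token + "." + thumbprint)."""
    digest = hashlib.sha256(f"{token}.{thumbprint}".encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def required_records(challenges, thumbprint):
    """Group the TXT values that must coexist at each validation name."""
    needed = defaultdict(set)
    for identifier, token in challenges:
        needed[challenge_name(identifier)].add(txt_value(token, thumbprint))
    return dict(needed)

def missing_records(needed, observed):
    """Values still absent, given observed {name: iterable of TXT strings}."""
    gaps = {}
    for name, values in needed.items():
        absent = values - set(observed.get(name, ()))
        if absent:
            gaps[name] = absent
    return gaps

# Constructed sample: the four -d names from the question, with made-up
# tokens and a made-up account key thumbprint (assumptions, not real values).
THUMBPRINT = "constructed-account-thumbprint"
CHALLENGES = [
    ("einsteinmedneuroscience.org", "token-A"),
    ("*.einsteinmedneuroscience.org", "token-B"),
    ("neuronair.org", "token-C"),
    ("www.neuronair.org", "token-D"),
]

if __name__ == "__main__":
    needed = required_records(CHALLENGES, THUMBPRINT)
    for name in sorted(needed):
        print(f"{name}: {len(needed[name])} TXT value(s)")
    # Constructed zone state: only one of the two values exists at the shared name
    shared = challenge_name("*.einsteinmedneuroscience.org")
    observed = {shared: [txt_value("token-A", THUMBPRINT)]}
    for name, absent in sorted(missing_records(needed, observed).items()):
        print(f"missing at {name}: {sorted(absent)}")
```

The root and wildcard names collapse onto one validation name, so both TXT values have to be present there at the same time; replacing the first value with the second leaves one of the two validations without a matching record.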