For secure SSL routes, we rely completely on Let's Encrypt - there is no way to bring your own certificate and key. This is also due to security reasons (the key should never leave the machine it was generated on).
Unfortunately, LE does not support wildcard certificates at the moment:
Will Let’s Encrypt issue wildcard certificates?
We currently have no plans to do so, but it is a possibility in the
future. Hopefully wildcards aren’t necessary for the vast majority of
our potential subscribers because it should be easy to get and manage
certificates for all subdomains.
https://community.letsencrypt.org/t/frequently-asked-questions-faq/26
I suggest you create a certificate for each subdomain. If you would like to automate this, you can directly speak to the API: https://api.lyra-836.appcloud.swisscom.com/api-doc/#!/Certification_Processes/put_custom_certifications_create
Edit:
Let’s Encrypt will begin issuing wildcard certificates in January of 2018
https://letsencrypt.org/2017/07/06/wildcard-certificates-coming-jan-2018.html