The content below is taken from the original (Let’sEncrypt – Wildcard Certificates Coming January 2018), to continue reading please visit the site. Remember to respect the Author & Copyright.
This will make it easier to secure web servers for internal, non-internet facing/connected tools. This will be especially helpful for anyone whose DNS service does not support DNS-01 hooks for alternative LE verifications. Generate a wildcard CSR on an internet facing server then transfer the valid wildcard cert to the internal server.