Let's Encrypt Wildcard Integration
Let's Encrypt Integration came with UTM 9.6. That's great!
You should now implement the support of Let's Encrypt Wilcard domains with ACMEv2.
AdminJan Weber (Product Manager, Network Security Group, Sophos Features & Ideas Laboratory) commented
We are currently not considering adding wildcard support. The Let's Encrypt Wildcard support uses DNS TXT entries to validate domain ownership, as opposed to the HTTP file based challenge for other certificates, which is something that we can't easily automate and make it as easy to use as with the other certificates.
We do not have any control over the DNS records and hence this would require user/admin interaction for certificate generation as well as renewal.