Lets Encrypt and certbot recently announced (actually quite some time ago) that they would be able to offer free wildcard SSLs. I've finally gotten around to doing that for my domains. Here is a great article on that, as the original method didn't do the trick.
certbot certonly --manual --preferred-challenges dns --server https://acme-v02.api.letsencrypt.org/directory