This command allows you to create a self-signed and wildcard certificate for you:
openssl req -x509 -out _.domain.com.bundle.crt -keyout _.domain.com.private.key
-newkey rsa:2048 -nodes -sha256
-subj '/CN=*.domain.com' -extensions EXT -config <(
printf '[dn]nCN=*.domain.comn[req]ndistinguished_name = dnn[EXT]nsubjectAltName=DNS:*.domain.comnkeyUsage=digitalSignaturenextendedKeyUsage=serverAuth') &>/dev/null