Wildcards can support subdomains of existing subdomains, but there are different criteria for protecting your domain and subdomains and multi-level subdomains.
First: If you only need to protect your * .subdomain.domain.com
In this case, you can protect your subdomains with a single SSL wildcard. CSR needs to be generated on subdomain.domain.com - Wildcard SSL will work only with this condition.
The caveat for choosing a ssl wildcard to protect your tiered subdomain does not apply to your top level domain. If someone tries to access your https://domain.com , they will find a domain name mismatch error in a web browser.
Second: If you want to protect your entire site.
Including all of the following:
domain.com (top level domain) *.domain.com (sub domain) *.*.domain.com (sub sub domain)
You need to protect your entire site with a single UCC / SAN certificate. This helps you protect all of the above conditional web pages using a Subject Alternative Name (SAN) certificate.
I hope you now understand what to do. Know your business and choose a certificate.