Hi,
You will need new wildcard certificates, since they only work for one level. For example, *.mydomain.com works for the portal1.mydomain.com, portal2.mydomain.com and portal3.mydomain.com hosts, but will not work for host1.portal1.mydomain.com or host2.portal1.mydomain.com, since they are another level deep.
If you want, you can obtain your wildcards for free from Let's Encrypt, but the downside is you will need to script the renewals or manually upload them into App Service.
Please click Accept Answer if the above was useful.
Thanks.
-TP
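
The one-level rule described in the answer above, as an added example that is not part of the original post: it checks the answer's hostnames against `*.mydomain.com` and lists which additional wildcard names would be needed. The function names and the `HOSTS` list are hypothetical, chosen for this illustration.

```python
# Added example: single-label wildcard matching for certificate names.
# Hostnames are taken from the answer above; all function names are hypothetical.

HOSTS = [
    "portal1.mydomain.com",
    "portal2.mydomain.com",
    "portal3.mydomain.com",
    "host1.portal1.mydomain.com",
    "host2.portal1.mydomain.com",
]


def wildcard_matches(pattern: str, hostname: str) -> bool:
    """Return True if the certificate name `pattern` covers `hostname`.

    Only a left-most label that is exactly "*" is treated as a wildcard,
    and it stands for exactly one DNS label (never zero, never several).
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False  # different depth, or a malformed hostname
    if p_labels[0] == "*":
        # The wildcard consumes one label; the remaining labels must be equal.
        return p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def uncovered_hosts(cert_names, hostnames):
    """List the hostnames that none of the certificate names cover."""
    return [h for h in hostnames
            if not any(wildcard_matches(p, h) for p in cert_names)]


def wildcards_needed(cert_names, hostnames):
    """Suggest the names a new certificate must carry for the uncovered hosts."""
    needed = set()
    for host in uncovered_hosts(cert_names, hostnames):
        labels = host.split(".")
        # Hosts with fewer than three labels get an exact name, not a wildcard.
        needed.add("*." + ".".join(labels[1:]) if len(labels) >= 3 else host)
    return sorted(needed)


if __name__ == "__main__":
    print("not covered:", uncovered_hosts(["*.mydomain.com"], HOSTS))
    print("names needed:", wildcards_needed(["*.mydomain.com"], HOSTS))
```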