@EnterpriseArchitect I want to offer my sincere apologies but my previous answer was wrong. I spent some time this weekend purchasing domains and certs to verify what was shared was accurate. In my sandbox, I encountered that multilevel wildcard certificates are not supported within Web Apps. This does not appear to be a limitation of App Service Certificates but a limitation of Azure App Services. If you try to secure a multilevel domain with a wildcard certificate, you will receive the error, "...Multilevel wildcard certificates are not supported."
This means you will need to use a standard certificate to secure each multilevel domain. If you have three multilevel domains, you will need three standard tier certificates to secure the domains.
If you purchased a wildcard domain based on my previous response and do not need it, please open a free billing and subscription case here within 30 days of purchase. They will likely ask you to delete the certificate and then they will submit a request to refund/credit you for the cost.
Let us know if you have any further questions or concerns.