certbot certonly --manual --preferred-challenges=dns --email $email --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d *.$domain
This results in a TXT record that must be added to the zone for $domain.
Add the record and test with:
host -t txt (added record address).$domain
If you get the matching response proceed...
scp from /etc/letsencrypt/live/$domain/ ESXi Host /etc/vmware/ssl:
on ESXi Host run:
Shell script to automate generation & prep of wildcard certificate to be ready to copy over to your ESXi Host available here: https://github.com/cygnostik/SA-Tools-wcSSL