Hi EyesX,
Unfortunately, this is known issue that Let's Encrypt has with wildcard certs, can't be auto'-renewed because you need to do the DNS challenge every time.
Due to this issue, we will introduce a new option to force a new cert. This new feature is scheduled to be released in v1.8.0 (End of April).
Now you can request it manually:
sudo certbot certonly --manual --preferred-challenges=dns --manual-public-ip-logging-ok -d $domain -d *.$domain --email $mail --no-eff-email --agree-tos --staple-ocsp --must-staple
Replace $domain and $mail with your own info.
Regards.