When used in par with wildcard subdomain on shared IP of NG server (cluster or standalone), wildcard certificate is not used for SSL connections. Default odin.com cert is used instead.
Wildcard domains hosted on exclusive IP addresses are not affected.
In case of shared IP, the record like
ssl-by-hostname:*.example.local is propagated to Redis DB which is a source of webspace information for Apache NG. It interprets it as a separate domain, not like wildcard and does not apply certificate.
This issue was passed to OA Engineering team for further investigation as request POA-110827.
Currently there is no workaround for the issue, except of switching main (one for which wildcard domain is created) domain to exclusive IP.
Please contact your technical manager or a member of Pooled Technical Associates team in order to clarify status of POA-110827.