Redirect all subdomains to main domain with HTTPS without a wildcard cert (nginx)

Solution 1:

Practically, you can't get around the problem without a wildcard cert. If you can't present a certificate that matches up with the name being requested, you're going to get a connection error -- it's a fundamental part of the protocol.

I suppose, in theory, you could write something that, when it received an SNI header for a name not in the certificate, did a quick certificate issuance from Let's Encrypt, and sent back that newly-minted certificate in the TLS handshake, but... well, it isn't exactly a practical solution, is it?
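An added example, not part of the original answer: a Python check of which requested names a certificate's SAN list covers, which is the match a client enforces before any HTTPS redirect can be delivered. The hostnames and SAN lists are constructed sample data, and the function names are hypothetical; the matcher follows the RFC 6125 rule that a wildcard stands for exactly one left-most label.

```python
"""Which subdomains can an HTTPS redirect reach without a certificate name error?"""


def san_matches(pattern: str, hostname: str) -> bool:
    """Match one dNSName SAN entry against a requested hostname.

    A wildcard is honoured only as the entire left-most label and stands
    for exactly one label, so *.example.com covers blog.example.com but
    neither example.com nor a.b.example.com.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    if p_labels[0] == "*":
        # Require at least two fixed labels so "*.com" never matches.
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def handshake_outcomes(cert_sans, requested_hosts):
    """Map each requested host to True if the certificate is valid for it."""
    return {
        host: any(san_matches(san, host) for san in cert_sans)
        for host in requested_hosts
    }


# Constructed sample data (assumed names, not taken from the question).
REQUESTED = ["example.com", "www.example.com", "blog.example.com", "a.b.example.com"]
NAMED_CERT = ["example.com", "www.example.com"]
WILDCARD_CERT = ["example.com", "*.example.com"]

if __name__ == "__main__":
    for label, sans in (("named SANs", NAMED_CERT), ("wildcard", WILDCARD_CERT)):
        print(label)
        for host, ok in handshake_outcomes(sans, REQUESTED).items():
            verdict = "redirect reachable" if ok else "certificate name mismatch"
            print(f"  {host:20} {verdict}")
```

Names that come back False fail certificate validation in the client before nginx can send its 301, and a wildcard entry still leaves multi-level names such as a.b.example.com uncovered.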