I have the following routes defined in one dynamic config:

[http.routers.ide-controller]
rule = "Host(`controller.ide.localdomain`)"
service = "ide-controller"

  [http.routers.ide-controller.tls]
  certResolver = "ideCertResolver"

    [[http.routers.ide-controller.tls.domains]]
    main = "ide.localdomain"
    sans = [ "controller.ide.localdomain", "*.ide.localdomain", "*.preview.ide.localdomain" ]

And these sub-domain routes defined in another dynamic config, which is dynamically added or removed depending on whether or not a "workspace" is running (each workspace has 2 services):

[http.routers.theia-deployment--robotben--test-project]
rule = "Host(`robotben-test-project.ide.localdomain`)"
service = "theia-deployment--robotben--test-project"
middlewares = [ "auth-handler" ]

  [http.routers.theia-deployment--robotben--test-project.tls]
  certResolver = "ideCertResolver"

[http.routers.theia-deployment--robotben--test-project--preview]
rule = "Host(`robotben-test-project.preview.ide.localdomain`)"
service = "theia-deployment--robotben--test-project--preview"

  [http.routers.theia-deployment--robotben--test-project--preview.tls]
  certResolver = "ideCertResolver"

How can I make it so that the sub-domain routes use the wildcard certs defined in the base-level domain route? Right now it is trying to create a new cert for every sub-domain route.