I have two SSL certificate one for *.sub.domain.com and one for *.domain.com.
I don't have issues with domain level wildcard certificate. Meaning https://www.domain.com & https://domain.com works fine with out any certificate errors.
But for the other one https://sub.domain.com gives certificate error(address miss match ) and https://www.sub.domain.com doesn't give any error.
Just another info both certificate are from the same provider.
Wildcard certificate issued for *.domain.com doesn't secure bare domain.com by default.
Run openssl x509 -in certificate.crt -noout -text on both certs to see their human-readable content. Look for X509v3 Subject Alternative Name (SAN) field. If it is present, it specifies multiple DNS names, which can be secured by the cert.
I suppose your *.domain.com cert has it, whereas *.sub.domain.com doesn't, in that case ask for a new wildcard SAN cert.
*.domain.com to secure sub.domain.com as mentioned by @MadHatter, of course.
sub.domain.comdoesn't match*.sub.domain.com, but it does match*.domain.com.domain.comdoesn't match*.domain.com, which is very true, and just as trulysub.domain.comdoesn't match*.sub.domain.com. It is true that in the bare domain case this is often handled by SANs, but in your case you have a wildcard certificate that will matchsub.domain.com- all you need to do is use it.