Question
The SSL certificate is created for '*.example.com'.
Why does wildcard SSL certificate cause a domain mismatch error on a second level subdomain like 'subdomain.subdomain.example.com'?
Answer
It is expected behavior.
RFC 2818 in "3.1. Server Identity" states that:
Names may contain the wildcard character '*' which is considered to match any single domain name component or component fragment. E.g., '*.a.com' matches 'foo.a.com' but not 'bar.foo.a.com'.
The asterisk can only stand in for one field in the name submitted to the CA, and the certificate can contain only one asterisk, therefore it is not possible to cover two-level subdomains, such as 'subdomain.subdomain.example.com' by the same certificate as 'example.com'.
As a workaround add subdomain.example.com as a domain in Plesk, then it is possible to create there a new wildcard for *.subdomain.example.com
with