I’ve got the same issue as this topic - the cert is issued for the main domain itself not as a wildcard. (It’s not www either, it’s definitely top-level). The end result is that subsites on the multisite install are not secured.
I tried to reissue my own cert using openssl and was able to do so, but I don’t know how to get local to use the new certificate instead of the existing one. And I’m not confident the wildcard aspect will work either.