I have been waiting for a certificate (stuck on verified - certificate pending) for a wildcard domain (*.wellnow.de) for a few days now. Tried deleting and re-adding the custom domain a few times.
Might have something to do with having previously created a custom domain for an explicit subdomain which got a certificate no problem. When I deleted and re-added that custom domain, it issued a certificate for it instantly, which makes me think that its certificate was still kept in the system even after deleted. Maybe there is some conflict with having 2 certificates, that could both potentially point to the same subdomain?
On my staging app I did this same process the other way around, added the wildcard domain first, then a specific subdomain (I realize now that was unnecessary) and it had the same issue, but reversed, wildcard domain issued a cert no problem, but the specific subdomain was stuck in certificate pending indefinitely.
I see when I dig txt _acme-challenge.wellnow.de that there is TXT record for _acme-challenge.wellnow.de.
Can you check if this is set through your DNS settings? This TXT record maybe hanging around from a different DNS challenge to prove ownership and may be interfering with Render’s set up of your *.wellnow.de certificate.