If you don't want to have them set as separate webserver sites (i.e. virtual hosts) then you can actually create a single certificate for all domains and subdomains! All you need to do is put them all on the one line of confconsole.domains.txt. E.g.:

root@lamp ~# cat /etc/dehydrated/confconsole.domains.txt

# please use this file with confconsole or
# alternatively use dehydrated with it's appropriate
# configuration directly
jeremydavis.org lamp.jeremydavis.org lamp-tester.tklapp.com

root@lamp ~# dehydrated-wrapper --force
[2017-11-28 23:50:23] dehydrated-wrapper: INFO: started
[2017-11-28 23:50:23] dehydrated-wrapper: INFO: found apache2 listening on port 80
[2017-11-28 23:50:23] dehydrated-wrapper: INFO: stopping apache2
[2017-11-28 23:50:25] dehydrated-wrapper: INFO: running dehydrated
[2017-11-28 23:50:41] confconsole.hook.sh: SUCCESS: Cert request successful. Writing cert.pem & cert.key for jeremydavis.org to /etc/ssl/private
[2017-11-28 23:50:41] dehydrated-wrapper: INFO: dehydrated complete
[2017-11-28 23:50:41] dehydrated-wrapper: INFO: Cleaning backup cert & key
[2017-11-28 23:50:41] dehydrated-wrapper: INFO: starting apache2
[2017-11-28 23:50:42] dehydrated-wrapper: INFO: starting stunnel4
[2017-11-28 23:50:42] dehydrated-wrapper: INFO: dehydrated-wrapper completed successfully.

And here is the certs directory (but this time they're all written to /etc/ssl/private). Note that I deleted all the directories that were there initially so this is new for this run of dehyrdated-wrapper.

root@lamp ~# tree /var/lib/dehydrated/certs #
/var/lib/dehydrated/certs
`-- jeremydavis.org
    |-- cert-1511913025.csr
    |-- cert-1511913025.pem
    |-- cert.csr -> cert-1511913025.csr
    |-- cert.pem -> cert-1511913025.pem
    |-- chain-1511913025.pem
    |-- chain.pem -> chain-1511913025.pem
    |-- fullchain-1511913025.pem
    |-- fullchain.pem -> fullchain-1511913025.pem
    |-- privkey-1511913025.pem
    `-- privkey.pem -> privkey-1511913025.pem

1 directory, 10 files