As far as I know, Caddy doesn’t support this.
If you want to cover both *.DOMAIN and DOMAIN for your web server, you can do this:
https://*.{env.DOMAIN}, https://{env.DOMAIN} {
but that will issue two certificates, not one. However, that configuration will use both and automatically pick the right one based on the SNI field of the TLS handshake.