@Rimjhim_Jain The docs for the host request matcher state that a `*` will match one domain label only, not an entire domain name.
Were the on-demand docs really not helpful for you? It even links to complete, working examples for on-demand TLS: Serving tens of thousands of domains over HTTPS with Caddy
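
Added illustration, not part of the post above and not Caddy's source code: a small Go sketch of the "one label per `*`" rule, showing which hostnames a wildcard pattern does and does not cover. The function name `matchHost` and the sample hostnames are constructed for this example.

```go
package main

import (
	"fmt"
	"strings"
)

// matchHost reports whether host matches pattern when "*" stands for
// exactly one DNS label. Hypothetical helper for illustration only;
// it is not taken from Caddy.
func matchHost(pattern, host string) bool {
	// Ignore a trailing root dot and compare case-insensitively.
	p := strings.Split(strings.ToLower(strings.TrimSuffix(pattern, ".")), ".")
	h := strings.Split(strings.ToLower(strings.TrimSuffix(host, ".")), ".")
	if len(p) != len(h) {
		return false // a wildcard never absorbs extra labels
	}
	for i := range p {
		if h[i] == "" {
			return false // reject empty labels such as ".example.com"
		}
		if p[i] != "*" && p[i] != h[i] {
			return false
		}
	}
	return true
}

func main() {
	// Constructed sample hostnames.
	hosts := []string{"app.example.com", "a.b.example.com", "example.com", "APP.Example.COM"}
	for _, h := range hosts {
		fmt.Printf("%-16s  *.example.com=%-5v  *.*.example.com=%v\n",
			h, matchHost("*.example.com", h), matchHost("*.*.example.com", h))
	}
}
```

A nested name such as `a.b.example.com` needs a pattern with one `*` per label (`*.*.example.com`); the single-wildcard pattern does not cover it, and neither pattern covers the bare `example.com`.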