
Wildcard SSL on Lightsail Load Balancer


I've reviewed the Lightsail load balancer and, unlike ACM, you cannot add wildcard SSLs.

For example, on ACM this can be done:

example.com
*.example

And then attached to an EC2 Load Balancer.

But for Lightsail, the wildcard is not accepted. When we issue only on the apex domain to the load balancer:

example.com

When we resolve demo.example.com, we get a cert invalid error.

As we don't know ahead of time the sub-domains in use, and the limit of 9 is too few, is there a workaround?


Solution

  • I came up with a solution, but I can't say for sure it is the only one.

    TL;DR - Use an EC2 Load Balancer and add its target as your Lightsail instance. To this load balancer attach a standard ACM certificate. Don't use the Lightsail load balancer at all.

    Outline Steps

    1. Launch a load balancer in EC2 and attach your Lightsail instance as a target (remember to use the private IP of your Lightsail instance and check your security settings, zone and region prior to setup).
    2. Open ACM and provision your certificate. To protect your entire domain, you will require two entries on this cert, i.e. example.com and *.example.com.
    3. Validate the certificate (DNS etc.) and attach it to the load balancer in EC2.
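As an added example that is not part of the answer above, here are its three outline steps expressed in Terraform (example.com and the private IP 172.26.0.10 are placeholders). It assumes the hosted zone for example.com is in Route 53, that Lightsail VPC peering is enabled so the default VPC can reach the instance's private IP, and that `aws_security_group.alb` (443 inbound) and `var.public_subnet_ids` are defined elsewhere.

```hcl
# Step 2 of the answer: one ACM certificate covering the apex and every subdomain (placeholder domain).
resource "aws_acm_certificate" "wildcard" {
  domain_name               = "example.com"
  subject_alternative_names = ["*.example.com"]
  validation_method         = "DNS"
}
data "aws_route53_zone" "zone" { name = "example.com." } # assumed: zone hosted in Route 53
# Step 3: publish the DNS validation records, then wait until ACM has actually issued the cert.
resource "aws_route53_record" "validation" {
  for_each        = { for o in aws_acm_certificate.wildcard.domain_validation_options : o.domain_name => o }
  zone_id         = data.aws_route53_zone.zone.zone_id
  name            = each.value.resource_record_name
  type            = each.value.resource_record_type
  ttl             = 60
  records         = [each.value.resource_record_value]
  allow_overwrite = true # apex and wildcard validate with the same CNAME
}
resource "aws_acm_certificate_validation" "wildcard" {
  certificate_arn         = aws_acm_certificate.wildcard.arn
  validation_record_fqdns = [for r in aws_route53_record.validation : r.fqdn]
}
# Step 1: EC2 ALB with the Lightsail instance registered as an IP target over Lightsail VPC peering.
variable "public_subnet_ids" { type = list(string) } # assumed: public subnets of the default VPC
data "aws_vpc" "default" { default = true }
resource "aws_lb" "edge" {
  load_balancer_type = "application"
  subnets            = var.public_subnet_ids
  security_groups    = [aws_security_group.alb.id] # assumed to exist: allows 443 in, all out
}
resource "aws_lb_target_group" "lightsail" {
  port        = 80
  protocol    = "HTTP"
  target_type = "ip"
  vpc_id      = data.aws_vpc.default.id
}
resource "aws_lb_target_group_attachment" "lightsail" {
  target_group_arn  = aws_lb_target_group.lightsail.arn
  target_id         = "172.26.0.10" # placeholder: the instance's PRIVATE IP, not its public one
  availability_zone = "all"         # required because the IP lies outside this VPC's own CIDR
}
resource "aws_lb_listener" "https" {
  load_balancer_arn = aws_lb.edge.arn
  port              = 443
  protocol          = "HTTPS"
  ssl_policy        = "ELBSecurityPolicy-TLS13-1-2-2021-06"
  certificate_arn   = aws_acm_certificate_validation.wildcard.certificate_arn # only after issuance
  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.lightsail.arn
  }
}
```

The listener terminates TLS with the wildcard certificate, but the hop from the ALB to the instance is plain HTTP over the peering link, so restrict the Lightsail firewall rule for port 80 to the ALB's subnets rather than 0.0.0.0/0.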