RFC2818 (the 'HTTP over TLS' specification) says that names may contain the wildcard character, which is considered to match any single domain name component or component fragment. E.g., ＊.a.com matches foo.a.com but not bar.foo.a.com. f＊.com matches foo.com but not bar.com.

A careful reading of this wording does not seem to rule out the use of more than one wildcard, e.g. '＊.＊.com'. That's unfortunate. It likely depends on the particular browser's TLS implementation as to whether more than one wildcard in a name would be processed.

So would those certs be accepted by normal browsers? Couldn't the public suffix list be used to reject such overlay broad wildcards?