lock Likely because your SSL Certificate Friendly Name is the field used for IIS to determine if it's a Wildcard. If your Common Name is *.domain.com and in the IIS Edit Site Binding the SSL certificate drop down shows just domain.com then that's your issue.

Good news is you don't have to reissue. Open the MMC for Certificates and open the Properties for that certificate. Change the Friendly Name to match the CN: *.domain.com. IIS bindings should then light up the host name field.