I went back and looked at cloudflare again, and while I'm pretty sure that a few months ago, when I was trying it, it wouldn't let me use *.mydomain.com to make a DNS A record, now it does. They say that using a wildcard DNS like this will make the wildcard subdomains not be protected by the cloudflare network (unless you pay for the enterprise version), but it will still point to your server as intended.
So I set it up for my domain, made the wildcard subdomain in cloudflare, and then set the letsencrypt docker to make a wildcard cert, and it all works! Now I can go to any random subdomain random.mydomain.com and it points to mydomain.com if nothing is specified in letsencrypt config/nginx/site-confs/default. Or, if I specify something in that file, random.mydomain.com can point to a particular port on my server like ghost or plex.
I'm so excited to see it all working! Thanks for the tip on cloudflare.
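As an added example (not from the post above or from the letsencrypt container), this is what the site-confs/default described there could look like: a catch-all server for *.mydomain.com plus one named subdomain proxied to a service port. It assumes the linuxserver letsencrypt container's usual cert path (/config/keys/letsencrypt/) and a hypothetical Ghost backend at 192.168.1.10:2368.

```nginx
# Added example; assumes the wildcard cert issued by the container covers both
# mydomain.com and *.mydomain.com, and lives at the (assumed) path below.

# Catch-all: any subdomain with no server block of its own lands here, so keep it
# on static content only. Anything admin-like should get an explicit block.
server {
    listen 443 ssl default_server;
    server_name mydomain.com *.mydomain.com;

    ssl_certificate     /config/keys/letsencrypt/fullchain.pem;
    ssl_certificate_key /config/keys/letsencrypt/privkey.pem;

    root /config/www;
    index index.html;
}

# Named subdomain: nginx prefers an exact server_name over the wildcard, so this
# block wins for blog.mydomain.com and forwards to the Ghost port (hypothetical).
server {
    listen 443 ssl;
    server_name blog.mydomain.com;

    ssl_certificate     /config/keys/letsencrypt/fullchain.pem;
    ssl_certificate_key /config/keys/letsencrypt/privkey.pem;

    location / {
        proxy_pass http://192.168.1.10:2368;   # assumed LAN address and Ghost port
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# Send plain HTTP for every covered name to HTTPS.
server {
    listen 80 default_server;
    server_name mydomain.com *.mydomain.com;
    return 301 https://$host$request_uri;
}
```

Because the wildcard subdomains bypass Cloudflare's proxy (as the post notes), they resolve straight to the origin, so the catch-all block is what the whole internet sees for any name it guesses under the domain.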