Multisite install with subdomains, domain mapping and installed SSL (HTTPS) O-My

I raed the blog post about Free SSL Certs from letsencrytp.org in I jumpted in Feet first with it. I even Bought a Plugin for Cpanel to allow my Hosting Clients install their own SSL Certs.
Now my problem: I have a multisite install with prosites , Marketpress, Domain mapping.
I have installed the Cert to my main domain. we will call it maindomain.com, converted everything on the site to https:// put into the wp-config
define( 'FORCE_SSL_ADMIN', True );
All is great in my Little big Multisite world so far. I configure the main site, fix up the pricing table to look good. Then I go to the demo store site we will call that subsite1
so when I go to http://subsite1.mainsite.com all is well so far. then I go to login.
url changes to https://subsite1.mainsite.com /wp-login.php
and I get

Your connection is not private

Now since the free Certs are not wildcard certs How can I let the main site have a Cert and Sub sites be able to use their site as http://?
Can it be done or do I need a Wildcard cert?
my setting in domain mapping is

Force http/https (Only for original domain)
Would you like to force https in login and admin pages: No
Would you like to force http/https in front-end pages: No