Hi noplan,
per default, the entire configuration of the webservice is multi-tenant and multi-domain capable. The only thing you need to "deal with" is chosing/generating the apropriate certificate for it. For multiple domains in combination with wildcard you can specify -d with *.domain1.tld and another -d with *.domain2.tld.
This is a so-called SAN wildcard certificate. There are many vendors supporting this. However, when it comes to really large setups, like 1.000.000 mailboxes with thousands of domains, the setup doesn't really rely on such configurations but instead with load balancers and separate SSL-termination in the front-end.
Smaller setups can be done also with SNI and multiple certificates, however if you're around 5 wildcard SANs, you should be perfectly fine with LE.