I think yo can, because you own the sub domain. Or for testing you can just set your browser to ignore the security warning. You can't get a certificate for *.bitnamiapp.com because you don't own that. The server has a certificate issued to example.com so that you can test HTTPS works - you can self sign a certificate for any name you like. It's the certificate authority which makes it valid.