If your site has three or more subdomains, it is better to choose a Wildcard certificate. It will be much more convenient and cost-effective to secure all subdomains with one certificate than to pay for certificates for each domain separately.
The number of protected subdomains of the same level is unlimited.
You can select a certificate with domain validation only for your domain or the domain of your organization. The first option will not take long — you will receive an email from the Certification Authority requesting confirmation of the server access rights.
The second option will take a little longer, because not only the domain name will be checked, but the physical existence of your company will be checked as well. You will need to provide supporting documents, but it will increase user confidence.
In general, the process of buying a Wildcard certificate is no different from a regular certificate except for the fact that you need to specify a domain with an asterisk - for example, *.domain.ru. This is required to include all subdomains. Note that when issuing a Wildcard SSL, only the primary domain is checked.
Unfortunately, no, such certificates do not exist.
You can actually install a free certificate, but it's more reasonable if you want to test a new site or save money at first. If you have a full-fledged business site, it is better to install a paid certificate: it will provide a high level of protection, compatibility with browsers, guaranteed solution against hacking, and will have full support.