So as a practical maximum, given the assumptions
- You can guarantee that you won't need to add any new subdomains unexpectedly whatsoever (a rather optimistic assumption, the most obvious use cases for thousands of subdomains also involve adding/removing them at will)
- With 90-day certificates, you want to renew them after 60 days, or sooner--rounding down to 8 weeks, 56 days
- You can at most fit 100 subdomains in a single certificate, via SAN
Then you could, with carefully staggered certificate renewals, maintain up to 5*100*8 = 4000 subdomains under a single domain at most, given current rate limits. And for the first cycle, when getting the initial certificates, it would take the full 8 weeks before you have certificates for every subdomain.
If you put off certificate renewal to every 84 days (12 weeks), you could support 6000 subdomains per domain, but that would be pushing the absolute current limits.