if you have 1 ip with several names
http://example.com
http://www.example.com
http://images.example.com
the you need all to use the same cert (as certs generally are seen/served before the client tells the server which site it was looking for)
the type of cert with multiple names is a SAN cert (easy with letsencrypt) -d name1 -d name2 etc
obviously you also have to ensure verification works for all the names (usually by having each site direct .well-known/acme-challenge/ at the same location
hope that helps