Wrt to wildcard certificates then: Have I understood the concept correctly? My understanding is that once the rate limit expires, we will be able to create one certificate for *.space.trixta.io, and then (provided we configure our nginx reverse proxy and our Route53 correctly) we will be able to create potentially thousands of websites of the form *.space.trixta.io that run on our infrastructure?
If you have good reason for more than 50 certs per week without being able to use a wildcard to overcome the rate limit, you can request a rate limit exemption. See the rate limit documentation page about that.
Note that those exemptions are coupled to an ACME account, so you might want to learn more details about the ACME protocol, the clients working with it and ACME accounts. Especially how to back it up.