Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
The operating system my web server runs on is (include version): NA
My hosting provider, if applicable, is: AWS
I can login to a root shell on my machine (yes or no, or I don't know): NA
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): NA
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): NA
In our environment there are several subdomains and we want a SAN certificate to meet our requirement. We are looking for a solution to mitigate our issue; price is also an important factor as it's a non-prod environment.
Is that system accessible to the public internet? Because I don't see any A or AAAA records in the DNS so I am thinking it may be on a private network. An HTTP Challenge will require that name to reply to HTTP queries from the public internet.
Do you have update authority to the Route53 DNS? Because you can get a cert using a DNS Challenge but you need to be able to update the DNS records.
Lastly, your Route53 DNS name servers have a likely problem. This should be fixed regardless of whether you continue with Let's Encrypt. I mention this only as I saw it while researching your question.
You need to make sure that the 4 nameservers listed under "Hosted zone details" in the Route 53 console are the same ones listed at both your registrar, and in the NS record for your zone. See "Step 4" of the AWS Docs here: Making Route 53 the DNS service for an inactive domain - Amazon Route 53
It's very unclear what you're asking. All public CAs use the Subject Alternate Name (SAN) field to list the names in their certificates. Let's Encrypt allows up to 100 names, though the process of it checking all of them can take a while so generally fewer than that works better.
Regardless, as @MikeMcQ said, the domain names you use need to be working names in the global public DNS. (The actual host names don't need to resolve if you use the DNS-01 challenge and can have your certificate process update the TXT records in your DNS, but it needs to be a public working DNS server for a real name.)
Hopefully that helps point you in the right direction. I also recommend looking through Let's Encrypt's documentation; there's a lot there on how it works.
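To make the DNS-01 route discussed above concrete, here is an added example (not from any poster in this thread, and not Let's Encrypt's or any client's own code) that plans which `_acme-challenge` TXT records a multi-name certificate needs and how each TXT value is derived. It goes beyond the thread by applying the RFC 8555 rules for the record name and value; the function names are hypothetical and the sample names, token and thumbprint are constructed.

```python
import base64
import hashlib

MAX_NAMES = 100  # per-certificate name limit mentioned in the thread


def challenge_record(name: str) -> str:
    """Return the DNS-01 TXT record name for one certificate name (RFC 8555, 8.4)."""
    name = name.strip().rstrip(".").lower()
    if name.startswith("*."):
        name = name[2:]  # a wildcard is validated at its base domain
    if not name or "*" in name:
        raise ValueError(f"unsupported name: {name!r}")
    return f"_acme-challenge.{name}"


def plan_dns01(names):
    """Map each TXT record name to the certificate names validated through it."""
    unique = sorted({n.strip().rstrip(".").lower() for n in names})
    if len(unique) > MAX_NAMES:
        raise ValueError(f"{len(unique)} names exceeds the limit of {MAX_NAMES}")
    plan = {}
    for n in unique:
        plan.setdefault(challenge_record(n), []).append(n)
    return plan


def txt_value(token: str, thumbprint: str) -> str:
    """TXT content: unpadded base64url(SHA-256(token + '.' + account key thumbprint))."""
    digest = hashlib.sha256(f"{token}.{thumbprint}".encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


if __name__ == "__main__":
    # Constructed sample names for a non-production zone.
    sans = ["dev.example.com", "*.dev.example.com", "api.dev.example.com"]
    for record, covered in plan_dns01(sans).items():
        print(record, "<-", covered)
    # Constructed token and thumbprint; real ones come from the ACME server
    # and from the account key.
    print(txt_value("constructed-token", "constructed-thumbprint"))
```

A wildcard and its base name share one record name, so that record has to carry two TXT values at the same time while validation runs.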