I would like to ask a question that we work here in my company with DMZ, we have a reverse proxy server, I would like to create a single ssl for all the sites behind this server, will I have to create an ssl by subdomains?
It depend on your need... And how many site you need to cover on that server....
Are all sites on one root domain? (If so, you could take advantage on leus Encrypt's wildcard certificate...)
If not all sites on the same root domain, you could just issue one (wildcard) certificate for each dedicated root domain, to save time renewing & protect privacy...
Of course, you could use one single wildcard certificate to cover all subdomains. (*.site.com)
But, please note that the only way to get the certificate is via DNS validation, which means you would need to use a competable DNS provider in order to automate the process.
(Try acme.sh or certbot.... In Unix system, acme.sh usually covers more DNS provider than certbot...)