It kind of depends on exactly what you do. The limit is per-certificate and per-domain. You can issue certificates for as many different domains as you want. If you have a million domains, and you got two certificates like:
That would count as 1 for example.com and 1 for example.net. You could issue 19 more certificates for each of those domains, and another 19,999,960 certificates total for your other 999,998 domains. (In theory, at least.)
That also counts as 1 for example.com and 1 for example.net.
One certificate can include up to 100 names, but if you’re adding and removing (sub)domains frequently, you can eat up the rate limits for every domain in the certificate.
If you’re adding and removing (sub)domains dozens of times a week, it would be prudent to put the busy domains in separate certificates.
But it’s fine to have 21 different domains.
What about 1 certificate for example.com + admin.example.com?
Wildcards only apply to one level. A certificate for *.example.com covers admin.example.com but not example.com or abc.def.example.com. If you used wildcards, you’d still have to include both example.com and *.example.com if you want https://example.com/ to work.
I don’t really recommend using wildcards if you don’t have to. DNS validation isn’t convenient in every environment, and the risks can be higher if one of your private keys gets compromised.