I am running a Centos 8 system. I have python version 3.6.8. Still I was able to install Let'sEncrypt. Will there be issue in the future? I will have to update Python?
Depending on HOW you've installed Certbot, you're either not running the most up to date version OR have used "snap" to install the most recent version, which comes with its own build-in Python.
Running sudo certbot --version should present the version installed.
Correct. The default tab is just for regular certificates without a wildcard hostname. As the wildcard certificates can only be issued using the dns-01 challenge for the wildcard hostnames, it often requires additional (DNS) plugins, which is mentioned on the Wildcard tab.
Not sure about "latest". Using pip (in a virtual environment!) is a "second best", but relies on the locally installed Python. So if your Python is too old, I don't think you'd get the latest version.
Depending on your requirements you can either choose to have an older version or use snap.
Note that sometimes people are running 0.40.0 or even older here on the Community. While we advise to upgrade, this is often not possible (or won't put in the effort) and usually it works nonetheless.
You can get a single certificate with up to 100 different hostnames. A subdomain counts just as a hostname, so you could include all 4 hostnames and have room for 96 more. No wildcard cert required.
A certificate for just app.example.com will NOT work for www.app.example.com (although some browsers, Chrome I believe, does actually accept a cert without the www subdomain for hosts with the www subdomain).