SSL certificate(s) for one domain and one subdomain

There is no problem in using separate certificates(even from different issuers) for separate (sub)-domains. for consistency you may want to use one issuer, but that isn't strictly required.

In theory you can choose from:

  1. Two separate certificates for each domain.
  2. Multi-domain certificate, which includes both those domains.
  3. Wildcard certificate, which normally covers example.com and *.example.com

All of those options would work, but as you want the cheapest solution option 1 is the best fit.

Side note: And, the cheapest(FREE!) option is to use LetsEncrypt certificates for your (sub)domains. But that comes on the maintenance price - you'll need to replace certificates every two months, so some sort of automation would be really necessary.