Can I buy just one SSL cert for a subdomain?

Solution 1:

Yes, you should be able to buy a "multidomain" certificate that lists both example.com and www.example.com in the subjectAltName. If your SSL provider can't / won't provide you with a multidomain certificate, find another provider. Be warned: like all SSL certificate things, they're a monster freaking scam, and you'll want to steel yourself for the price hike for adding a second related name to a certificate... it's freaking ridiculous.

Oh, one thing: I recently noticed that one of the companies we resell certs from automatically provides certificates for example.com with the www.example.com altname built-in, for no extra cost. I'd never seen it before, but someone's doing it, so it might be worth looking around.

Solution 2:

Sure, I don't see why a CA won't sign one for enough money.

I think the real question is can you support multiple SSL certificates? You can only use 1 SSL certificate per IP, not hostname.
You say you have multiple hostnames pointing to the same machine; in order for each subdomain to have a separate SSL certificate, each subdomain needs to be on a separate IP.

Will the CA be willing to "lump" all the domains into a single certificate so you can serve the same certificate for multiple domain names? I can't think of one, but it can be done.

Solution 3:

Wildcard certs are actually a newer concept than certs which are limited to just a few domains.

You might even be able to get a single cert which has both listed, but it depends on the application to accept this without warning about it.
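
As an added example (not part of any of the answers above), this sketch checks which hostnames a certificate's subjectAltName list covers, using the strict wildcard rules most TLS clients apply when deciding whether to warn. The SAN lists and the extra hostnames such as `shop.example.com` are constructed for illustration.

```python
# Added example: which hostnames does a subjectAltName (dNSName) list cover?
# Strict matching in the spirit of RFC 6125: a wildcard is only accepted as
# the entire left-most label and stands for exactly one label.

def _labels(name):
    """Split a DNS name into lower-cased labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")

def san_entry_matches(pattern, hostname):
    """Return True if a single dNSName entry covers the hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h):
        # "*.example.com" never covers "example.com" or "a.b.example.com".
        return False
    if p[0] == "*":
        # Require at least "*.domain.tld"; reject "*.com"-style entries.
        if len(p) < 3 or "*" in ".".join(p[1:]):
            return False
        return h[0] != "" and p[1:] == h[1:]
    if "*" in pattern:
        # Partial or non-left-most wildcards ("w*.example.com") are rejected.
        return False
    return p == h

def uncovered(san_list, hostnames):
    """Return the hostnames that no SAN entry covers, in input order."""
    return [h for h in hostnames
            if not any(san_entry_matches(s, h) for s in san_list)]

# Constructed SAN lists for three ways of buying the certificate.
MULTIDOMAIN = ["example.com", "www.example.com"]
WILDCARD_ONLY = ["*.example.com"]
WILDCARD_PLUS_APEX = ["*.example.com", "example.com"]

# Constructed set of names the server is expected to answer for.
WANTED = ["example.com", "www.example.com",
          "shop.example.com", "a.b.example.com"]

if __name__ == "__main__":
    for label, sans in [("multidomain", MULTIDOMAIN),
                        ("wildcard only", WILDCARD_ONLY),
                        ("wildcard + apex", WILDCARD_PLUS_APEX)]:
        print(f"{label:16} not covered: {uncovered(sans, WANTED)}")
```

The wildcard-only case leaves the bare `example.com` uncovered, which is why a certificate meant for both names needs both listed in the subjectAltName.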