1. Only if it is agreed in advance. Such certificates are called wildcard. But keep in mind that the wildcard certificate does not apply to the root domain. That is, a certificate issued on *.server.net will not work for server.net itself .
2. If the certificate is physically on another server - no.
3. If each subdomain is on a separate server, you need to get a certificate for each subdomain
4. It depends very much on the certificate with which verification you request. If with a minimum - there at least someone can get it. If with confirmation, then it is better for the customer to receive such a certificate.

1. No, if the certificate is not a Wildcard;
2. On another server, you will need to install a certificate;
3. The certificate must protect the desired subdomain explicitly or be a wildcard certificate;
4. You can get a dv-type certificate without being a copyright holder, if you have access to managing a domain or subdomain, for this it is enough to place a verification file generated by a certification authority on the hosting.

1. no. usually certificates are issued only for one domain (sometimes they are issued for a domain and www.domain)
2. no, see point 1. you need to make separate certificates. transferring the public and private keys to another server is not a problem, the main thing is that certificates are issued for this domain / subdomain, where they are located, does not play any role.
3. You must first decide what certificates are needed. if it's enough and for free, then look towards https://letsencrypt.org/ for example.
4. you can, you contact the copyright holders in any case =)

Ulrich wrote everything more or less correctly.
But there are a number of clarifications:
according to clause 3 - Let's encrypt allows you to add and remove domains from the certificate after it is issued;
according to clause 4 - a regular certificate does not require complex checks and you will only need to certify your management of the web server hosting the site under the domain name your.domain for which the certificate is requested, or have access to the [email protected] mail record ( hostmaster, webmaster).

1. Depends on the type of certificate on the main domain.
a) If it is a typical Comodo PositiveSSL or analogues - no, it will not. Because they are designed to protect a single domain of any kind.
b) If it is a WildCard, the main domain and subdomain will be protected 1 level "deep" (so to speak). For example:
Main domain: romashka.ru,
Subdomains: my.romashka.ru, your.romashka.ru, etc.
Main domain: my.romashka.ru
Subdomains: mail.my.romashka.ru, base.my.romashka.ru, etc.
c) If this is a Multidomain certificate, then all necessary domains and subdomains will be protected, the only thing is that each subdomain will have to be specified as an independent domain. It will be costly and unprofitable. Because the cost of a certificate usually includes only 2 or 3 protected domains, you will have to pay extra for each additional one.
Clarification: RapidSSL Wildcard will only work if the main domain of the form is romashka.ru. This does not apply to other certificate providers.
2. Wildcard will work. You will need to install it on all servers where the domain and subdomains are located.
3. When placing an order for a certificate, if the standard certificate is Comodo PositiveSSL, then simply order a separate certificate for the domain and each subdomain. If Wildcard, then specify the domain and all subdomains when placing an order.
4. You can also order a certificate if you are the contact person and you have access to the necessary mailboxes and information about the company. In any case, the client will be the owner of the certificate.

Here is my feedback:

1. If you have taken Wildcard SSL certiifcate or Multi domain SSL certiifcate then you can enable that SSL certificate only to sub domains of the main domain.
   
2. If that Wildcard SSL certificate has feature of unlimited server license then yes sub domains are located on another server can also be secured.
   
3. You will have to just copy the private key to each server.
   
4. Either you can directly order the ssl certificate or you give advice to client to purchase it.