And/or to expand on Spivak's answer: static.example.com api.example.com db1.example.com db2.example.com www.example.com www2.example.com loadbalancer.example.com etc

[ed to add:] Note that while you can just use example.com, or add alternate names, that would mean that a compromise of www1.example.com also compromised the key used for db1.example.com etc - which would largely defeat the purpose of splitting up different services across different vms/zones/machines in terms of security compartmentalization, because you'd only need one copy of the key to mitm all services.

(For some setups, where everything is a set of web apps/services, and TLS is terminated at the load-balancer/reverse proxy, this is a moot point -- but that's not always a good idea. See eg: how Google suddently rushed to encrypt their intranet after it turned out NSA had been happily snooping on everything from the "inside" via datacenter links that I assume were across rented "dark"/dedicated fiber).