You can generate a CSR in a SSH session using the openssl
command, eg:
openssl req -new -newkey rsa:2048 -nodes -out mydomain_com.csr -keyout mydomain_com.key -subj "/emailAddress=myname@mydomain.com/CN=mydomain.com/OU=My Dept/O=My Business Name/L=My City/ST=My State/C=US"
If you search online for "CSR generator" you'll find a lot of websites that will be happy to generate them for you, but you're also trusting them with your private key so I can't really recommend them.
I don't think we have any specific limit on the number of hosts in a single cert, but there's an overall limit to the number of hostnames that our front-end Nginx can handle, ie the server_names_hash_bucket_size
and server_names_hash_max_size
settings. We've got them configured relatively high (suitable for shared hosting) so it's not a practical concern for most of our individual customers.