All multi-domain SSL certificates have 3 SANs by default.
A SAN is a domain seat/slot in an SSL’s configuration. Here is an example of how SANs work:
While one-site.com and www.one-site.com are technically 1 website, the www version and the non-www version take 2 separate seats.
With the default multi-domain configuration of 3 SANs, you would be able to secure one-site.com and www.one-site.com, as well as another domain, two-site.com.
To have both the www and non-www versions of one-site.com and two-site.com secured, you would need 4 SANs, which adds 1 extra SAN to the default multi-domain SSL configuration.
Any SANs beyond 3 SANs have an extra fee, which varies depending on SSL type.