You should be able to create 1 profile for several Host Controller hosting several instances.
You will create some groups (1 instance has to be linked to a group) and you deploy within that group.
So, 1 Domain Controller, 1 or several Host Controller and several instances / groups.
For certificates, I don't know ...
Thank you for the reply. I will not be able to use port off set in my configuration because of a specific requirement. How do I assign ports to each server manually? is there a file that can be edited?