For any specific use you could build something on top of it to deal with that. For example if you go with the last idea in the article and build http over ssh then your server just looks at the headers.

You would not have separate certs for each subdomain but is that a problem? arguably more convenient.