Redesigning (or correct design mistakes as you could call it) is not an option.
I created this thread to make sure there were no easy way to solve my problem without purchasing another certificate.
I'll try first with instructions in the invitation mail. If it causes too much trouble to my users, I'll purchase a wildcard certificate.
Thank you for your time.