Because an SSL certificate is linked to a specific domain. It has nothing at all to do with user accounts. Creating a custom domain for each and every user is totally nonsensical from both a business and technical standpoint.

God did not say "Lavabit must only use SSL and cannot use any other measures to fulfill its understood and contractual obligations with customers". That is ridiculous.