Can this problem be prevented/reduced if sites that use mail addresses for verification somehow checked the SSL certs of those domains?
Rather than just checking that the person can prove that they own the e-mail address, the standard should be that the person controls the e-mail address, and that e-mail address itself is under the control of the same domain owner as it was a the time it was registered.
But certificates expire, same as domains. You could verify S/MIME or GPG keys for email ownership (though they expire too!) but I don't think any normal user is going to bother with that kind of setup.
This situation is really terrible for the author but at the same time I don't think Facebook did anything wrong initially; both can be true at the same time. Of course, Facebook should have a human revise their case (they probably won't do that) but Facebook shouldn't be liable for checking for expired domains. That's a responsibility you take on when you buy a domain and register accounts on it, and checking what accounts are registered where before letting the domain expire is the responsibility of the author.
The issue of who owns the email address is besides the point. The author can send a copy of their ID to Facebook, who can verify the data on the account before the takeover. She can probably even point out the exact date of the takeover by looking at when the domain was te-registered. The problem is that realistically, Facebook won't do any human checks and her account will be deleted by their version of Skynet because it wasn't built to handle honest mistakes like these.
Rather than just checking that the person can prove that they own the e-mail address, the standard should be that the person controls the e-mail address, and that e-mail address itself is under the control of the same domain owner as it was a the time it was registered.