This does not work, as stated before.
GUI web apps usually send links for redirects, scripts, images with absolute paths (/login, /scripts/, /img/). Removing a prefix is easy, but adding a prefix for an unknown target is impossible. (How should middleware know if /login should be /graf/login or /node/login)
This only works if all those apps allow to configure some kind of "base path".
Alternative approach to avoid LE limits: switch the order of the sub-domains:
customer123.grafana.example.com
customer123.nodered.example.com
customer123.mqtt.example.com
customer123.influxdb.example.com
Then you only need 4 wildcard TLS certificates.