I wonder if there would be interest in an "IoT ACME certificate tool" that would run on a more programmable/user-controllable device and perform automated renewal and deployment onto IoT devices using a library of contributed rules for how to install a certificate on various specific devices.
For example, in the coffeemaker case, maybe someone would contribute a rule (based on some kind of web automation framework?) that would upload new certs and keys over a LAN.
I think this would be great for Internet security overall, although it would probably cause a further explosion of support challenges (like "my coffeemaker was working fine with this tool for years, but now it suddenly stopped working—it doesn't trust the ISRG root and refused to accept my new certificate", etc.).