Candidate second email

Wrt the IP address thing, I'd perhaps update this copy to:

In the past 60 days, your Let’s Encrypt client used ACME TLS-SNI-01 domain validation to issue certificates for domains hosted on these IP addresses:

I think the post at How to stop using TLS-SNI-01 with Certbot could be improved with an example of how to actually perform a dry-run and identify that TLS-SNI is indeed not being used during that run.

There was also one thread where dry-run gave a false positive result on staging due to cached authz (port 80 was clearly inaccessible but there was a previously valid http-01 authz). Maybe it's asking too much, but killing the authz caching on staging for a few days could help? I'd be pretty mad if Certbot lied to me like that and my cert expired :|.

I think perhaps that the Help template could temporarily be modified to include an explicit prompt for certbot --version, since it seems necessary to ask that in every Help thread.

In a similar vein, How to stop using TLS-SNI-01 with Certbot could perhaps promote certbot --version to a proper styled code block, with example output indicating the correct version, so that it doesn't get buried in the prose.

Re: necro, I think it's possible to greatly reduce that problem by making @bmw's post a bit more "step by step" in nature, to match the audience who are looking for very prescriptive advice/instructions.

4 Likes
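The false positive mentioned in the post (a dry run that passes only because a previously valid http-01 authorization was reused) can be spotted from the authorization objects themselves. This is an added example, not part of the original post and not Certbot code: it assumes you have the RFC 8555 authorization JSON for each domain from the dry run, treats a `validated` timestamp older than the start of the run as a reused authorization, and uses constructed sample data and hypothetical function names (`classify_authz`, `audit`).

```python
from datetime import datetime

def parse_ts(s):
    # ACME timestamps are RFC 3339; normalise "Z" for datetime.fromisoformat
    return datetime.fromisoformat(s.replace("Z", "+00:00"))

def classify_authz(authz, run_started):
    """Classify one RFC 8555 authorization object seen during a dry run."""
    valid = [c for c in authz.get("challenges", []) if c.get("status") == "valid"]
    if authz.get("status") != "valid" or not valid:
        return "not validated"
    ch = valid[0]
    stamp = ch.get("validated")
    # Assumption: a challenge validated before the run began means the server
    # reused an older authorization, so this run proved nothing about reachability.
    if stamp is None or parse_ts(stamp) < run_started:
        return "inconclusive: reused %s authz" % ch["type"]
    if ch["type"] == "tls-sni-01":
        return "still using tls-sni-01"
    return "ok: fresh %s validation" % ch["type"]

def audit(authzs, run_started):
    """Map each domain to its verdict for the whole dry run."""
    return {a["identifier"]["value"]: classify_authz(a, run_started) for a in authzs}

def _authz(domain, ctype, validated):
    # Builds a minimal constructed authorization object for the sample below.
    return {"identifier": {"type": "dns", "value": domain}, "status": "valid",
            "challenges": [{"type": ctype, "status": "valid", "validated": validated}]}

# Constructed sample: dry run started at 10:00 UTC on 2019-01-20.
RUN_STARTED = parse_ts("2019-01-20T10:00:00Z")
SAMPLE_AUTHZS = [
    _authz("fresh.example.com", "http-01", "2019-01-20T10:00:05Z"),
    _authz("cached.example.com", "http-01", "2019-01-18T08:30:00Z"),
    _authz("legacy.example.com", "tls-sni-01", "2019-01-20T10:00:07Z"),
]

if __name__ == "__main__":
    for domain, verdict in audit(SAMPLE_AUTHZS, RUN_STARTED).items():
        print(domain, "->", verdict)
```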