A possibility is for people in @pavel_odintsov’s situation to assign domain names to the customer as subdomains of a domain that the company controls, much the way ISPs may assign domain names like ip-192-168-17-23.example.net under the ISP’s own domain. In that case the software run by the customer would be able to obtain the cert and then the organization would be able to access the customer’s device via that domain name.
It’s true that right now Let’s Encrypt’s rate limiting would make this impractical for an organization with more than a handful of customers, because they would hit the rate limit very quickly, but we’ve also been clear that we would like to grant exceptions to the rate limiting where it’s useful. So I think people should make proposals about using subdomains this way and we can discuss whether we can accommodate them somehow.