I suppose that's feature request.
I've seen three use cases of SSL certificates for HTTPS:
- the domain resolves to a server with WAN, it's all right, certbot works
- the domain has a CAA record - this is locked on purpose, move along
- the domain resolves to a server without WAN - for security reasons.
Meaning the domain name - if resolving at all - won't have an accessible wan IP.
It's somewhat similar to the localhost case, but also somewhat different maybe.
Any insight for that is welcome