I suppose that's feature request.
I've seen three use cases of SSL certificates for HTTPS:

• the domain resolves to a server with WAN, it's all right, certbot works
• the domain has a CAA record - this is locked on purpose, move along
• the domain resolves to a server without WAN - for security reasons.
  Meaning the domain name - if resolving at all - won't have an accessible wan IP.
  It's somewhat similar to the localhost case, but also somewhat different maybe.

Any insight for that is welcome

If it's a public domain, DNS validation. If not, an internal CA. For the latter, see:

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.