I have various use cases where I'd like to internetwork web browser clients with a large pool of smart clients that also act as web servers, including handling things like hole-punching and UPnP port forwarding automatically.
Imagine some central domain, my-p2pish-service.com, with a subdomain, clients.my-p2pish-service.com. The domain has some directory functionality where a client can map a data request to another client, and the response to that request is a "somehash.clients.my-p2pish-service.com", where "somehash" is a dynamic DNS label updated to correspond to the IP address of the client possessing some key that can generate "somehash".
Is there any mechanism in Let's Encrypt that would permit issuing certificates to a potentially large number of clients with DNS names under "clients.my-p2pish-service.com"? What about policies for sharing certificates between clients? For example, I know up to 100 names may appear in a certificate; is there any policy that would prevent sharing one certificate between multiple clients, assuming the certificate provided no additional benefit to the protocol running in the application layer, which has separate authentication mechanisms of its own?
The goal of this is simply to expose P2P servers directly to browser clients using modern web protocols, all of which require TLS, such that the traffic more or less resembles regular web traffic, and without depending on expensive and centralized signalling boxes like STUN and TURN servers, or complex networking and client software, as in the case of a solution like WebRTC.
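An added illustration of the naming scheme described above, written for this page rather than taken from the post: it derives the "somehash" label from a client key (how the label is derived is an assumption; the post only says it comes from a key), checks that the result is a legal single DNS label, splits a pool of client names into SAN sets no larger than the 100-name limit, and checks which names a given certificate's SAN list covers. The last point matters for the "shared certificate" question: Let's Encrypt issues wildcard certificates through the DNS-01 challenge, and a wildcard SAN matches exactly one leftmost label, so a hash that is always a single label under clients.my-p2pish-service.com is covered by one `*.clients.my-p2pish-service.com` certificate, while a name with an extra label is not. The zone name and the keys are constructed sample input.

```python
import base64
import hashlib
import re

# Constructed values: the zone from the post and Let's Encrypt's per-certificate SAN limit.
ZONE = "clients.my-p2pish-service.com"
MAX_NAMES_PER_CERT = 100

# One LDH label: 1..63 octets of [a-z0-9-], not starting or ending with '-'.
LABEL_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def client_label(pubkey: bytes) -> str:
    """Derive the 'somehash' label from a client's public key (assumed scheme).

    SHA-256 of the key, base32 without padding, lower-cased: 52 characters of
    [a-z2-7], so it always fits in a single 63-octet DNS label.
    """
    digest = hashlib.sha256(pubkey).digest()
    return base64.b32encode(digest).decode("ascii").rstrip("=").lower()


def client_name(pubkey: bytes) -> str:
    """Full DNS name the directory would hand back for this client."""
    return f"{client_label(pubkey)}.{ZONE}"


def valid_hostname(name: str) -> bool:
    """Every label must satisfy LABEL_RE and the whole name must be <= 253 octets."""
    if len(name) > 253:
        return False
    return all(LABEL_RE.match(label) for label in name.split("."))


def cert_covers(sans: list[str], name: str) -> bool:
    """Does a certificate carrying these dNSName SANs cover `name`?

    Matching follows the usual TLS client rule (RFC 6125 style): an exact,
    case-insensitive match, or a wildcard SAN whose '*' stands for exactly one
    leftmost label. '*.clients.example' covers 'abc.clients.example' but not
    'a.b.clients.example' and not 'clients.example' itself.
    """
    name = name.lower()
    for san in sans:
        san = san.lower()
        if san == name:
            return True
        if san.startswith("*."):
            head, _, tail = name.partition(".")
            if head and tail == san[2:]:
                return True
    return False


def batch_names(names: list[str], per_cert: int = MAX_NAMES_PER_CERT) -> list[list[str]]:
    """Split client names into SAN sets no larger than the CA allows per certificate."""
    return [names[i:i + per_cert] for i in range(0, len(names), per_cert)]


if __name__ == "__main__":
    # Constructed sample keys standing in for real client public keys.
    keys = [f"constructed-client-key-{i}".encode() for i in range(250)]
    names = [client_name(k) for k in keys]
    print(names[0])
    print(all(valid_hostname(n) for n in names))
    print([len(b) for b in batch_names(names)])          # three non-wildcard certs for 250 clients
    print(all(cert_covers(["*." + ZONE], n) for n in names))  # one wildcard cert covers them all
```

The design choice worth noting: because the label is a fixed-width hash with no dots, the per-client name is guaranteed to sit exactly one label below the zone, which is what makes a single wildcard certificate (or, without wildcards, 100-name batches) sufficient; a scheme that ever put a dot inside "somehash" would break both.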