–This topic is being opened to discuss ways to help simplify and assist in automating the cert process.–
We lost HTTPS as a valid new cert authentication method.
Leaving us with one single local mainstream validation method (HTTP).
But there are those whose ISPs are now blocking inbound port 80 (HTTP).
[which is not entirely a bad thing to do; they should probably block other ports too - but that is off topic]
But this will only get worse over time. I expect more and more ISPs may follow suit.
So, for those, we need to start considering alternate authentication methods.
Ways that are simple to understand and implement.
And which require minimal, or ideally, no user interaction.