I've mentioned another idea a few times that I've had kicking around, that there should be an HTTP header to warn about "APIs you shouldn't use directly in an ephemeral instance" (I was calling it Was-Expensive, although I haven't written up a spec). In that case if ephemeral instances could set some kind of environment variable to indicate that they are ephemeral, their HTTP libraries could maybe start generating warnings about this... or something?
Cool, that's great!
There are some older pre-ACME protocols that I think are oriented around this kind of use case.
I wonder if any of them would be useful for this today, or if it makes more sense for most of these users to have an ACME proxy, or just a sort of trivial download from a known location.