Automatic HTTPS with IP address

Hi :wave:

Caddy is able to use certs for IP addresses.
It just won’t be publicly trusted, but instead self-signed when using the auto-https feature currently.
The docs/automatic-https#hostname-requirements (pretty far down though) state:

[…]
In addition, hostnames qualify for publicly-trusted certificates if they:

  • are not an IP address

I am pretty sure I read an issue or some mention to track it not long ago, but I can’t seem to find it right now :frowning:
Maybe someone else has some insights on that.

A quick workaround, at least for now, if you want publicly-trusted certificates, would be to use services like https://nip.io/ that resolve 159.223.140.9.nip.io as 159.223.140.9 without any additional setup.
That way you would have a “valid” domain name :woman_shrugging:

Though, you really shouldn’t be getting SSL routines::tlsv1 alert internal error when using the plain IP.
Both https://159.223.140.9 { and 159.223.140.9 { are valid and will serve that vhost via some self-signed certificate.

Are you absolutely sure that the Caddyfile and logs you shared are from the server publicly accessible under 159.223.140.9 and not some other server?

3 Likes
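The two site addresses discussed in the post above, side by side in one Caddyfile, as an added example that is not part of the original post. The `respond` bodies are placeholders, and `tls internal` only spells out what the post says Caddy already does for an IP address.

```caddyfile
# Site address is a bare IP: it does not qualify for a publicly-trusted
# certificate, so Caddy serves it with a certificate from its own internal CA.
# Clients will not trust it unless they trust that CA.
159.223.140.9 {
	# Optional here; written out to make the issuer explicit.
	tls internal
	respond "served on the IP with a self-signed certificate"
}

# Same server, addressed by the nip.io name that resolves to 159.223.140.9.
# This is a hostname rather than an IP, so automatic HTTPS requests a
# publicly-trusted certificate for it.
159.223.140.9.nip.io {
	respond "served on the nip.io hostname"
}
```

For the second block, Caddy has to complete an ACME challenge, so ports 80 and 443 on the server must be reachable from the internet. DNS for that name is operated by nip.io, a third party, so the certificate's validity depends on a service outside your control.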