Understood. This is amazing stuff man.
Now, my only wish ( I know it’s too much to ask. Hence, I’m not even asking. ) is that there are pre-built binaries in package repositories for GNU/Linux distributions ( including helper binaries for different external “modules” ), then it’d be so much more easier to integrate into automated server initialization process for thousands of servers at scale. I know there are multiple ongoing discussions on that topic as well - Packaging Caddy, V2: Packaging for Debian/Ubuntu
NB : I think this discussion has digressed away from the original topic which was for the tls_connection_policies block. Do you think we should break this post away at post 12 into a separate topic? Maybe title it to - ‘on_demand’ wildcard TLS certificates.