[andrewmackrodt]

Nice, thanks for sharing this. I use sslip.io but they do not provide TLS certificates, so acme v1 validation is required using a wan IP address and ensuring router port forwarding or cloudflare tunnel etc is running. This magic domain is so much easier.

[lxgr]

I don't think this is actually compatible with the browser security model – specifically, CAs are required to revoke certificates for known-compromised private keys, according to point 4.9.1 here: https://cabforum.org/wp-content/uploads/CA-Browser-Forum-BR-...