This addresses questions I had about certificate generation across nodes/regions.

Slightly off topic, but something nice about Caddy is that it automatically falls back on ZeroSSL (if you have an email address defined) when you hit letsencrypt rate limits. I have a case where more certificates for a root domain are needed than LE is capable of providing, and this fallback solves for the rate limit problem seamlessly.