> You can get $2/yr domain names on weird TLDs like .site, .cam, .link, ...

You can, but as stated - that's not free (or easy). That's still yet another fee you have to pay for... which hurts adoption of HTTPS for intranets (not to mention it's not really an intranet if it's reliant on something entirely outside of that intranet.)

If LetsEncrypt charged 1$ to issue/renew a certificate, they wouldn't have made a dent in the public adoption of HTTPS certificates.

> Not necessarily, you don't route the domain externally, and use offline DNS challenge/request to renew the certificate.

I already mentioned that one, that's the wildcard method.