I would love to use LE, but I can't because my use case is all about an internal network. I don't want a self-signed cert. I want to leverage internal domain systems, especially the ones with IPs. While I understand the design of LE would not encourage any of the above, I do hope one day LE has a solution to end the pain of self-signed certs (without modifying the host CA file).

You could use their code/system, if you set up something like: https://github.com/letsencrypt/boulder internally?