Static file serving? Sure!
Load balanced proxying? mod_proxy_balancer is great!
Fine grained caching? mod_disk_cache is also great
Updating loadbalancer bits via the api?
mod_proxy_balancer supports a balancer-manager endpoint for that to do live updates
monitoring? mod_status + prometheus exporter or
mod_prometheus_status
native LE support? https://github.com/icing/mod_md is going to be rolled into upstream apache
mod_md checks the challenge list from the ACME server and choses one that it supports. So, if your server listens on port 80, everything will continue to work. You do not need to change anything.
If your server is only reachable via port 443, there seems currently no way you can sign up with Let's Encrypt. You will need to open port 80 for certificate renewal/signup to work. Some Advice:
* port 80 needs to be available only during a renewal/signup. Once you have your certificates, you may close it again. You need to mind renewal periods then and should check your server logs more frequently.
* you can safely redirect your port 80 to 443 with the 'MDRequireHttps' configuration directive. This redirection takes automatically care that challenges from an ACME server are still being answered while all other requests are redirected.
In case you find issues or have additional questions, visit the github repository at https://github.com/icing/mod_md and file an issue.
https://github.com/icing/mod_md
this is being folded into the official Apache httpd repo.