This thing will probably run in a bunch of VMs/containers behind a load balancer, so it's actually better that it doesn't try to obtain any certificates by default.
Even a small number of apps trying to get their own certificates at the same time can exhaust the Let's Encrypt quota for your domain, with serious consequences to your other online properties.
> Even a small number of apps trying to get their own certificates at the same time can exhaust the Let's Encrypt quota for your domain
I got curious about this and decided to look it up, they actually have more restrictions than I expected[1]. Looks like to play it on the safe side you might be better off having a single server issuing certificates and distributing them where needed as well as using wildcards as much as possible. Interestingly, it looks like Google is doing just that since their certificate covers a very wide range of domains[2].
Even a small number of apps trying to get their own certificates at the same time can exhaust the Let's Encrypt quota for your domain, with serious consequences to your other online properties.