Seems to be free from ZeroSSL https://help.zerossl.com/hc/en-us/articles/360060119973-Is-I... but Letsencrypt decided against it since their whole thing is about proving ownership over a domain, or set of domains, and doing that for an IP address would be some nonsense. I would be absolutely shocked if the "name brand" cert issuers don't support CSRs containing iPAddress SAN entries, since it's very clearly part of the RFC, but I haven't ever had a need to try such a stunt, either