support IP based Let's Encrypt certificate

In a well addressed WAF deployment, SysOps would want to have control over error messages sent out -- IMPOV having the possibility to request and get IP short-lived Let's Enrypt certificates, one could throw DENY and/or ERROR messages without revealing their domain(s) names and therefore cleanly terminate for example unsolicited http traffic sent toward the public IP -- therefore host header matching the given public IP.

More info here:
https://letsencrypt.org/2025/07/01/issuing-our-first-ip-address-certificate