Has anyone been able to use DoT upstream with a LetsEncrypt certificate? I know they don't issue certificates on bare IP addresses and therefore the upstream server may not be able to verify Unbound's signature based only on the domain name.
Do I need a certificate for Unbound's IP address for DoT to work? If so, is there a free CA that emits those?