But what I was thinking is that a potential hacker doesn’t need to bother finding me and trying to establish whether I’m running a web server if Let’s Encrypt is basically going to publicly advertise that I am running such a service on my IP address. At the moment my IP address is not on any public DNS as I’m using a dynamic DNS subdomain service. I realise that my Nextcloud server is not completely invisible to the world at the moment and that there are ways of finding out that it exists but it would still seem to me that the details being publicly advertised would raise the threat level.
Am I just being paranoid or do I have genuine concerns? At the moment I’m using a private root certificate but it’s not a very eloquent solution as it has to be installed on every device I access the server with.