Certbot is used for static IP addresses, but there are two main scenarios: using a public static IP or using a local static IP
. If you have a public static IP, you can now use Let's Encrypt to get a certificate for it, though it's generally recommended to use a domain name. For a local static IP, you cannot use public certificate authorities like Let's Encrypt directly, so you must set up your own Certificate Authority (CA) and install its root certificate on all your devices.
Public Static IP (recommended: use a domain name)

   Use a domain name: The best practice is to get a domain name and point it to your public static IP address. You can then use Certbot with the domain name.
   Use IP certificate: Let's Encrypt now allows issuing certificates for IP addresses, but this is less common and can be more complex. If you have a public static IP, you may be able to use a tool like Certbot to get a certificate for it.

Local Static IP

   Set up your own CA: The only way to get a publicly trusted SSL certificate for a local IP is to set up your own Certificate Authority (CA).
   Install the root certificate: Once you have your own CA, you will need to install the root certificate from your CA into the trusted store of every device that will connect to the server.
   Use acme.sh: For internal networks, it's common to use acme.sh as a tool to generate certificates from your internal CA.
   Use reverse proxy: A reverse proxy like Caddy or NGINX can help manage certificates and traffic for multiple services on the same server.

Certbot for local static IPs (not recommended)

   Use a public CA (not recommended): It's not recommended to use a public CA like Let's Encrypt for internal IPs because it is possible to get a certificate for an internal IP, but it is not a recommended practice.
   Use self-signed certificates (not recommended): The alternative is to generate self-signed certificates, but this can be more complex and may not be ideal for production environments.
   Use a reverse proxy (recommended): Reverse proxying is a better alternative, especially if you're running a server that needs to be accessed from the internet.