![](https://lemmy.blahaj.zone/pictrs/image/BF87ohBSuM.png)
![](https://lemmy.world/pictrs/image/8286e071-7449-4413-a084-1eb5242e2cf4.png)
You can use a DNS challenge to show you are in control of the domain without having anything exposed to the net. Essentially LE gives you a special value you have to add as a TXT DNS entry. LE will check if this record exists for your domain, and gives you a certificate, no public IP involved. This even allows you to create wildcard certificates.
Yes, but why would you want to? We have enough addresses for the foreseeable future.