At my company we used to pass around a single wildcard cert for our corporate domain. All servers, including many internal servers, all had the same long lived cert.

I made a tool to make it easy for us to deploy Let’s Encrypt certs for internal only servers that would normally not be able to do an http challenge against LE.

https://github.com/Imageware/TLSential

One of the projects im most proud of. :)