I agree that this is a good idea, but I wanted to add that if someone owns a domain already, they can also use that internally without issue.
If you own a domain and use Let's Encrypt for a star cert, you can have nice, well-secured internal applications on your network with trusted certificates.
Maybe I'm missing something then: how would you pass a DNS challenge?
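To make the DNS challenge mentioned in the question concrete, here is an added example (not code from anyone in this thread) that computes the `_acme-challenge` TXT record an ACME CA such as Let's Encrypt validates for a wildcard name, following RFC 8555 §8.4 and the RFC 7638 key thumbprint. The account key, token and domain below are constructed sample values, not real ones.

```python
import base64
import hashlib
import json

# Constructed sample values for illustration only (not a real account key or token).
SAMPLE_ACCOUNT_JWK = {
    "kty": "RSA",
    "n": "c2FtcGxlLW1vZHVsdXMtbm90LWEtcmVhbC1rZXk",  # placeholder modulus
    "e": "AQAB",
    "kid": "https://acme.example/acct/1",  # extra member: ignored by the thumbprint
}
SAMPLE_TOKEN = "evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA"  # constructed token

# RFC 7638: only these members, in lexicographic order, go into the thumbprint.
REQUIRED_MEMBERS = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}


def b64url(data: bytes) -> str:
    """Base64url without '=' padding, as JOSE and ACME require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def canonical_jwk(jwk: dict) -> str:
    """Canonical JSON of the required members only, no whitespace."""
    subset = {k: jwk[k] for k in REQUIRED_MEMBERS[jwk["kty"]]}
    return json.dumps(subset, sort_keys=True, separators=(",", ":"))


def jwk_thumbprint(jwk: dict) -> str:
    return b64url(hashlib.sha256(canonical_jwk(jwk).encode("utf-8")).digest())


def key_authorization(token: str, jwk: dict) -> str:
    """RFC 8555 section 8.1: token '.' base64url(thumbprint of the account key)."""
    return f"{token}.{jwk_thumbprint(jwk)}"


def dns01_txt_value(token: str, jwk: dict) -> str:
    """RFC 8555 section 8.4: TXT data is base64url(SHA-256(key authorization))."""
    digest = hashlib.sha256(key_authorization(token, jwk).encode("ascii")).digest()
    return b64url(digest)


def dns01_record_name(identifier: str) -> str:
    """A wildcard '*.corp.example' is validated at the base name, not at '*'."""
    base = identifier[2:] if identifier.startswith("*.") else identifier
    return f"_acme-challenge.{base}."


def dns01_record(identifier: str, token: str, jwk: dict) -> tuple:
    """The (name, type, data) tuple to publish before asking the CA to validate."""
    return (dns01_record_name(identifier), "TXT", dns01_txt_value(token, jwk))


if __name__ == "__main__":
    print(dns01_record("*.corp.example", SAMPLE_TOKEN, SAMPLE_ACCOUNT_JWK))
```

Because validation happens at the public base name, the internal hosts named by the wildcard never need to be reachable from the Internet; only the DNS zone must accept the TXT record.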