Thumbs up, but I have to respectfully disagree with some things.
> ...the real barrier to adoption is that consumer-facing ISPs in many parts of the world still aren't handing out IPv6 addresses to subscribers.
Indeed. For some reason, this fact is often overlooked, while other less important obstacles are undeservedly highlighted.
> NAT breaks the end-to-end model obsession that is responsible for most of the horrible things about IPv6.
As long as you consider withdrawal from NAT addiction to be the most horrible thing about IPv6...
> NAT is a ~~fantastic means~~ horribly hacky way of plopping an entire network down behind a single IP address and making individual servers behind that IP available on different ports.
And it is only possible because the original design accidentally overbooked for the port namespace, and underbooked for the address namespace.
(Perhaps the concept of classless subnetting should have been extended to include the port part... Though dealing with ICMP and other non-TCP-or-UDP protocols would be tricky. And it is too late anyway.)
> ```
> cd ~/letsencrypt
> DOMAINS="-d example.com -d www.example.com" /root/letsencrypt/letsencrypt_gen
> ```
Except you will have to use one certificate for all domains hosted on your server. Which kind of defeats the purpose of TLS, at least in part.
There have been suggestions to make it possible to pass the `host` indication before the TLS handshake, but none of them took off, to the best of my knowledge.