I had fun building it. It was illuminating seeing where implicit trust is unconsciously assumed, break that down, and identify the threat entry-points (absence of policy definition for the ACME server) as areas of improvement for Caddy. I'm surprised none of the users attempted it or reported those needs. I know at least one user who told me they were considering it but need the tutorial document. Now we have the tutorial (kinda) :)