Hacker News

I know and agree with the philosophy, however there is a limit to how much you can decouple things and keep the whole system maintainable. Just look at the woes of our peers embarking on the microservices journey. This is especially relevant for Caddy, which focuses strongly on the ease of use. Now of course it's not the perfect answer for everyone; different solutions for different people, I guess.



First I have to admit I know nothing of Caddy. This is the first I've heard of it.

However, I don't think this is a case of different strokes. Even at a hobby level (1 webserver instance, not load balanced, per site or group of sites), in today's infra we can expect use of Let's Encrypt and therefore certbot, can we not? I mean, if we're talking about stapling at all, we're talking about enough infra that we do the type of automation that will include certbot.

Once you're at that point, I cannot agree that it's easier, and more manageable, to include the functionality within the web server.

Perhaps if Caddy integrated acquiring and renewing the cert itself, not just stapling, then I'd have a different opinion.

Now at the point where you are load balancing, with or without an https proxy, in my experience debugging and maintaining smaller components is easier. Yes, interactions can create hard to debug problems, but large complex "monoliths" are worse. And we are talking about a sufficiently discrete component here. That said, I'm not an SRE. Back before SRE was a thing, I was a "LISA" sysadmin though.


Yeah you should take 2 minutes to check out Caddy: https://caddyserver.com/docs/automatic-https

> Perhaps if Caddy integrated acquiring and renewing the cert itself, not just stapling, then I'd have a different opinion.

It does, so.... does that change your opinion? (That's, like, the point of Caddy.)



