Well, because my local instance of <WebApp> says, <Feature> isn't available unless I use HTTPS.
Also, HTTPS with a public CA just works on most systems, whereas IPsec requires Client configuration. It's still easier to roll out than switching from IPv4.
For personal or experimental things, I may use a local CA, but getting certificates for the internal subdomains of my company is trivial when you already got a public domain on a Server that's capable of using DNS-01 challenges.
Enabling HTTPS is just way easier than actually ensuring you can trust your local network. Many real-life middle-class companies start out with just having a network and not thinking about security at all. Some companies may even have untrusted internal networks by choice by allowing BYOD.
Also, HTTPS with a public CA just works on most systems, whereas IPsec requires Client configuration. It's still easier to roll out than switching from IPv4.
For personal or experimental things, I may use a local CA, but getting certificates for the internal subdomains of my company is trivial when you already got a public domain on a Server that's capable of using DNS-01 challenges.
Enabling HTTPS is just way easier than actually ensuring you can trust your local network. Many real-life middle-class companies start out with just having a network and not thinking about security at all. Some companies may even have untrusted internal networks by choice by allowing BYOD.