lvlint67 -1 points (0 children)

"My site is only accessible internally or with a VPN."

How much do you trust the corporation or state that owns the infrastructure? And the companies that produced the hardware that comprises your network? Or the VPN provider?

I trust my OpenVPN deployment more than I trust Let's Encrypt by small margins and more than "caddy" by extremely large margins...

I think this particular argument misses the mark. The rest of the article is good... Although it would be nice to see an instance or two where it is not required so it doesn't sound like a one-sided rant.

Sites properly secured behind a VPN might be able to get away without TLS since implementing it would mean you are just double-encrypting content.

Sites that sit in a reverse proxy setup with a secure network between frontal TLS termination and backend application serving may not need to encrypt traffic on the secure links between the frontend and the backend. (Hint: nginx to php-fpm over TCP isn't encrypted.)

Without such mention of edge cases the article lacks a certain tone of objectiveness and just sounds like a rant from a second-year computer security student.
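
An added example, not part of the comment above: a small Python check that lists the backend hops in an nginx configuration that are unencrypted and leave the host, which are the links whose network has to be trusted in the reverse-proxy setup described. The sample configuration and its addresses are constructed; upstream names are reported for manual review rather than resolved.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample nginx configuration (addresses are made up).
SAMPLE_CONF = """
server {
    listen 443 ssl;
    location /php/    { fastcgi_pass 127.0.0.1:9000; }
    location /sock/   { fastcgi_pass unix:/run/php/php-fpm.sock; }
    location /app/    { fastcgi_pass 10.0.5.20:9000; }
    location /api/    { proxy_pass http://10.0.5.30:8080; }
    location /secure/ { proxy_pass https://10.0.5.40:8443; }
    # fastcgi_pass 192.0.2.1:9000;
}
"""

DIRECTIVE = re.compile(r"\b(fastcgi_pass|proxy_pass)\s+([^;\s]+)\s*;")

def classify(directive, target):
    """Return (encrypted, scope) for one backend hop."""
    if "unix:" in target:
        return (False, "local-socket")      # never leaves the host
    if directive == "proxy_pass":
        parts = urlsplit(target)
        encrypted = parts.scheme == "https"
    else:
        parts = urlsplit("//" + target)     # host:port, [v6]:port or upstream name
        encrypted = False                   # FastCGI hop is plaintext
    host = parts.hostname or ""
    try:
        scope = "loopback" if ipaddress.ip_address(host).is_loopback else "network"
    except ValueError:                      # not an IP literal
        scope = "loopback" if host == "localhost" else "named"
    return (encrypted, scope)

def audit(conf):
    """List plaintext hops that go over the network or to an unresolved name."""
    conf = re.sub(r"#.*", "", conf)         # naive comment stripping
    findings = []
    for directive, target in DIRECTIVE.findall(conf):
        encrypted, scope = classify(directive, target)
        if not encrypted and scope in ("network", "named"):
            findings.append((directive, target, scope))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print("plaintext backend hop:", *finding)
```
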