I let Caddy automanage and autorenew certificates for my podman containers, and Caddy itself is in a container. There's no reason to let those exposed in my host, and it's one less thing to manage.
But if I had my own separate certificates, the first thing that would come to mind is simply mounting it as a volume inside the needed containers with :ro,Z.