I have a PC I have installed Portainer on, with various docker services (home assistant, jellyfin, etc..) with an ISP supplied router fixing various device IP addresses and reaching out to dyndns.
I really want to move everything over to HTTPS connections by supplying certificates, tls termination, etc .
The issue I have is self signed certificates mean I have to manage certificate deployment to everything in the house.
I figure I need to link a domain to the DynDNS entry and arrange certs for the domain. However I can't make the link function and everywhere wants >£100 to generate a certificate.
I use pfsense's HAProxy integration and a combination of Cloudflare or Lets Encrypt certificates for external stuff. For internal-only stuff I have a root CA I distributed to my computers that I use to sign certificates. My docker box that serves most of my internal stuff has an nginx-proxy-manager container with a wildcard certificate so that I don't have to sign one for every new subdomain on my docker host, and the various containers with services in it talk to it over a private docker network. Buying a cheap domain and managing it through Cloudflare simplifies a ton of stuff.