I love my homelab, and the more I tune things the more satisfaction I have. I tolerated the “Your connection is not private” for my self-signed SSL certs on my services for way too long.
I just setup NGINX Proxy Manager as a LXC on my Proxmox Server and pointed a subdomain I own to the server. Now I have custom domains for each service along with valid SSL Certificates. It’s all local without exposing anything to the outside world. It’s very satisfying. I tried explaining what I was doing to my GF but she could care less ¯\_(ツ)_/¯
Followed this video from Wolfgang’s Channel YouTube (great channel btw), the first minute does a better job explaining the setup. I always thought I would have to setup a local CA which is more work than I was interested in, but this approach was much simpler (and free!).
But, setting up your own offline root and intermediate issuing CAs is so much fun!
I too like my websites and web-based consoles to not pop up the https warning, so good on ya for getting that going
All my network devices have role based access via AD, and run through a RADIUS server. Most of my devices talk PEAP-MS-CHAPv2 for RADIUS auth, in a server per service environment like I have where the NPS server is separate from the DCs, a RAS & IAS cert on the NPS server is required for that communication.