@Antibiotic glad you got it sorted.. The only bad thing is browsers now complain about long life certs.. I think something like 398 days or something max..
Used to be able to create a cert good for 10 years, and have no worries most likely for the life of the equipment you were using it on.. Now you have to renew it every year or so..
Now that you have a CA your browser trusts you can sign certs with it for all your devices that use a webgui.. So you can get your browser to stop complaining for stuff like switches, printers, other software.. My nas and unifi controllers webguis all use certs signed by my home CA..
Since you're using your own CA you can create certs for any domain you want to use, home.arpa for example - or the new .internal that is also intended for local use. You can add rfc1918 IPs in the SAN so that even when you access via IP vs fqdn your browser won't complain.
Sure ACME has been a game changer for Certs.. And is great for something that a browser you do not control will be accessing. But the 90 day renewal is kind of a pain, even if it can be automated. But you have to use a public domain, which can be problematic to use internally to be honest, you can not add rfc1918 IPs.. For the admin guis of stuff you admin, with your devices - use of your own CA is a better option imho..
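The workflow described in the post above, as an added example that is not part of the original post: a device certificate signed by a private CA with both an FQDN and an RFC 1918 address in the SAN and the 398-day lifetime the post mentions, followed by the checks to run before installing it. The CA name, the host `nas.home.arpa`, the address `192.168.1.10` and all file paths are constructed for illustration, and the throwaway CA stands in for a home CA that already exists.

```shell
#!/usr/bin/env bash
# Added example. All names, addresses and paths are constructed for illustration.
set -eu
WORK="$(mktemp -d)"

# Throwaway CA standing in for the home CA the browser already trusts.
make_ca() {
  cat > "$WORK/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Home Lab CA (constructed)
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
    -config "$WORK/ca.cnf" -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
}

# Sign a device cert: $1 = FQDN, $2 = RFC 1918 address, $3 = lifetime in days.
sign_device() {
  printf '%s\n' \
    "basicConstraints = critical,CA:FALSE" \
    "keyUsage = critical,digitalSignature,keyEncipherment" \
    "extendedKeyUsage = serverAuth" \
    "subjectAltName = DNS:$1,IP:$2" > "$WORK/$1.ext"
  openssl req -new -newkey rsa:2048 -nodes -config "$WORK/ca.cnf" -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
    -CAcreateserial -sha256 -days "$3" -extfile "$WORK/$1.ext" \
    -out "$WORK/$1.crt" 2>/dev/null
}

# Checks to run before installing the cert on the device.
chain_ok() { openssl verify -CAfile "$WORK/ca.crt" "$WORK/$1.crt" >/dev/null 2>&1; }
san_of() {
  openssl x509 -in "$WORK/$1.crt" -noout -text |
    grep -A1 'Subject Alternative Name' | tail -n1 | tr -d ' '
}
# Succeeds if the cert is still valid $2 days from now.
outlives() { openssl x509 -in "$WORK/$1.crt" -noout -checkend "$(( $2 * 86400 ))" >/dev/null; }

make_ca
sign_device nas.home.arpa 192.168.1.10 398
echo "SAN: $(san_of nas.home.arpa)"
```

The device key stays unencrypted (`-nodes`) because most embedded web GUIs cannot prompt for a passphrase; the CA key is left unencrypted here only because the CA is a throwaway.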