I used to do the same, but these days, getting TLS certificates for local services is actually not that hard anymore.
If you have local DNS, you can e.g. request a wildcard subdomain Letsencrypt certificate and then distribute the corresponding key and certificate to your LAN hosts.
If you have local DNS, you can e.g. request a wildcard subdomain Letsencrypt certificate and then distribute the corresponding key and certificate to your LAN hosts.