If you're already adding a CA to your trust store, you can just use caddy! [0] Add their local CA to your store (CA cert is valid for 10 years), and it'll generate a new cert per local domain every day.

Actually, now that I've linked the docs, it seems they use smallstep internally as well haha

[0] https://caddyserver.com/docs/automatic-https#local-https