I used to have a $75 netgear router at my house. I changed the local DHCP settings to give out a raspberry pi's internal as DNS. I run dnsmasq on the pi and resolve local hosts that way. Ever internal service in my house uses HTTPS and I have about a dozen.
Sorry this is a day late, but how do you get certificates for internal services? Do you manually trust them on each client? Or do you have a wildcard cert from a public server? Is there some cleaner way to manage internal HTTPS?
I resolve internal services as subdomains of a domain I own. I use a wildcard I get assigned on an EC2. I script an sftp upload of the a new cert every renewal to my main internal machine where it is shared via nfs. This is the simplest way I've found.
