How to set up https certificate for intranet server

I’ve been struggling to get the servers on my LAN, including, for example, Pi-hole, to be accessible without invalid HTTPS certificate warnings coming up on all my browsers. I can’t use something like Let’s Encrypt as that requires an internet-facing server. I tried creating a local CA (via the OPNsense web GUI), using that to create certificates for my LAN servers, then installing the local CA’s certificate on my browsers, but it’s been a big fail. Does anyone have advice for getting this working?

Is this even possible? You would need a self-signed certificate and this will also trigger warnings in every common browser, or am I wrong? :thinking:

For what reason do you need an HTTPS connection within your local network? Normally this is not necessary and the self-signed certificate is not trustworthy anyway.

At Vaultwarden we have described how to add your own certificates to the client operating system:

How do I add a self-signed certificate to the OS’ Trusted Root Certification Authorities store?
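The local-CA approach from the original question, as an added example that is not part of any post in this thread: it builds a CA and one server certificate with `openssl`, puts the host name and IP in `subjectAltName` (the field current browsers match against), and verifies the chain and name. The host name, IP address, CA name and file names are constructed placeholders.

```shell
#!/bin/sh
# Added example: local CA plus one LAN server certificate, using openssl.
# Host name, IP address and CA name are constructed placeholders.
set -e

make_lan_cert() {   # usage: make_lan_cert DIR HOSTNAME IP
    dir=$1; host=$2; ip=$3
    mkdir -p "$dir"
    # One config file holds the CA extensions and the leaf extensions (with SANs).
    cat > "$dir/pki.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = Home LAN Root CA
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[v3_leaf]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$host, IP:$ip
EOF
    # 1. CA key and self-signed CA certificate (ca.crt is what clients import).
    openssl req -x509 -config "$dir/pki.cnf" -extensions v3_ca \
        -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
    # 2. Server key and signing request; -subj overrides the CN from [dn].
    openssl req -new -config "$dir/pki.cnf" -subj "/CN=$host" \
        -newkey rsa:2048 -nodes \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null
    # 3. Sign the request with the CA, attaching the leaf extensions.
    openssl x509 -req -in "$dir/server.csr" -sha256 -days 397 \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/pki.cnf" -extensions v3_leaf \
        -out "$dir/server.crt" 2>/dev/null
}

check_lan_cert() {  # usage: check_lan_cert DIR NAME; status 0 if chain and name match
    openssl verify -CAfile "$1/ca.crt" -verify_hostname "$2" \
        "$1/server.crt" >/dev/null 2>&1
}

demo=$(mktemp -d)
make_lan_cert "$demo" pihole.home.arpa 192.168.1.10
check_lan_cert "$demo" pihole.home.arpa && echo "chain and host name verify"
```

Only `ca.crt` goes into the client trust store; `ca.key` stays on the machine that signs, and `server.crt` with `server.key` go to the web server.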

I think you’re right, @Jappe

I always try to make everything as secure as possible, but you are right @Joulinar, it is probably more trouble than it’s worth in this scenario.

The question is what kind of security do you want to increase? Is there someone in your household you don’t trust? Usually there is no added value in a local environment where there is no internet access to the application. Attacks on this application can only be done from the local network. And there the attacker would already be in your network and you have a completely different problem than self-signed SSL certificates. :wink: