@francislavoie thanks for all your answers, your time and patience.
I just realised/decided that either nextcloud or bitwarden will be my password manager. I totally agree with you that No1 security is keeping the bad people out the local network but I think it makes sense to keep local connections secured too in this case.
You mention that the “easiest” way is to use Caddy’s acme_server. What is the “not so easy” part of this appraoch? I’ve searched around for documentation but there isn’t much yet or maybe I am searching for the wrong stuff.
@matt posted this last week but this is different to the acme_server, right?