You’re looking for on-demand TLS: Automatic HTTPS — Caddy Documentation
To use locally-issued certs, just make sure TLS automation policies use Caddy’s internal CA instead of a public one by default. Using the local_certs global option should do the trick if I recall correctly.