I really wish Let's Encrypt had a solution for those of us with lots of "internal" devices that neither need public access nor are capable of running an automated renewal job (routers, switches, IoT gizmos, etc).

All of these things come with half-baked self-signed certs, and web browsers and mobile devices these days are making it increasingly difficult to actually stomach such certs for anything at all.

I wish the "SSL All The Things!" crusaders would consider this use case once in a while, and actually offer a usable solution.

(Some of us could go through the trouble of setting up a private CA to deal with this issue, but getting everything to trust your own personal CA root seems like almost as much of a hassle at times.)

> Some of us could go through the trouble of setting up a private CA to deal with this issue

I've read about doing that for development purposes. But it sounds complicated. Therefore I wonder couldn't there be an open source solution that produces an npm module which when I run it creates a private CA for me?

I mean if it is complicated to create a private CA, why not automate that task?