Or, it's super easy to roll your own using letsencrypt.

1. Buy your own public domain (such as companyname.dev)

2. Setup a LetsEncrypt wildcard certificate with DNS validation

3. Update your /etc/hosts to something like `127.0.0.1 companyname.dev`

We have this working with multiple developers, each renewing their certificates themselves. Works great, it's simple, and don't need to trust an extra third party.

Last time I checked, those wildcard LetsEncrypt certs take more work to get, like passing a DNS-based TXT record challenge. Then once you have the wildcard certs, they only last 3 months. Once obtained, they can manually be copied into the LAN using a tool like wormhole. There's a lot of manual steps here which are far harder than how certbot will auto-renew certs when in the cloud - usually requiring no manual intervention, once you succeed that first time.

acme-dns let's you add a CNAME to another DNS zone, which let's you issue certificates for the former domain name using a convenient API for the latter zone. Seriously read about it, it's awesome.

https://github.com/joohoi/acme-dns/

That tool is open source and self-hostable. getlocalcert also provides this feature, but as a hosted service. Choose the method you prefer.

https://docs.getlocalcert.net/tips/validation-domain/

Once DNS-01 is easy, wildcard certs are easy. Here's the docs for setting up a wildcard cert via getlocalcert: https://docs.getlocalcert.net/acme-clients/lego/