Let's Encrypt wildcard certificates

I will be trying the acme solution using the GoDaddy API to see if that works before trying on Cloudflare and will report back how that all works.

@kevdog the way that I have propagated the certificates in the past has been to run a script that copies the certificates from what I call the “security server” where I obtain them to the various internal reverse proxies that I have running as VMs. I have those certificates applied to the Nginx settings for each domain/subdomain that I have set up for reverse proxy.

For example, if I want to visit my Unifi Controller web GUI I would type https://unifi.domain.com. As all of the devices on my network use my pfSense install for their DNS server, this would then ask the pfSense for the DNS record. Because the URL that I am asking for is internal only, I have my pfSense set up with a host override listing the appropriate internal proxy as the IP address. From there it would then send the request to that reverse proxy server and that would serve up the page based on the proxy pass in the Nginx configuration file. I have it set to use https between the back end server and Nginx where possible and have Nginx accept the self-signed certificates.

For my domains and subdomains that are accessible externally, I do not have a host override set up, so they resolve like any other domain, and I have a dedicated reverse proxy for externally accessible resources that follows a similar process to the internal ones minus the host override.
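
The internal reverse-proxy arrangement described in the post above, sketched as an Nginx server block. This is an added example, not the poster's configuration: the backend address and port, the file paths and the name `unifi.internal` are assumptions. It shows the accept-anything backend setting next to a variant that pins the backend's self-signed certificate.

```nginx
# Added example: hypothetical internal proxy for unifi.domain.com.
# Backend address/port, file paths and unifi.internal are assumptions.
server {
    listen 443 ssl;
    server_name unifi.domain.com;

    # Wildcard certificate copied over from the "security server".
    ssl_certificate     /etc/nginx/ssl/domain.com/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/domain.com/privkey.pem;

    location / {
        # HTTPS between Nginx and the back end server.
        proxy_pass https://192.0.2.10:8443;
        proxy_set_header Host $host;

        # Weak setting (also the Nginx default): the backend certificate
        # is not checked at all, so any certificate is accepted.
        # proxy_ssl_verify off;

        # Pinned setting: only the backend's own self-signed certificate,
        # exported to the file below, is trusted.
        proxy_ssl_verify              on;
        proxy_ssl_trusted_certificate /etc/nginx/ssl/backends/unifi.pem;
        # Must match a name (CN/SAN) present in the backend certificate.
        proxy_ssl_name                unifi.internal;
    }
}
```

With the pinned variant, the file named in `proxy_ssl_trusted_certificate` has to be refreshed whenever the backend regenerates its self-signed certificate, otherwise Nginx returns 502 for that host.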