In my case I just setup a subdomain 'local.<domain>' to my personal domain and had Let's Encrypt create valid certificates for it via Traefik.
Each service is then exposed via '<service>.local.<domain>'.
This has been working flawlessly for me for some time.