If anything TLS has gotten easier since Lets Encrypt came along. You just install one of the clients for it, configure a domain and periodic renewal and you're done.
I bought a domain to use for my home network instead. I have LE issue a cert for it via DNS challenge and use it liberally with hosts on my LAN, with the excellent benefit that I don’t need to give clients a new CA I invented.
I use mkcert[2] for this but it's still fiddly.
[1] https://letsencrypt.org/docs/certificates-for-localhost/
[2] https://github.com/FiloSottile/mkcert