Just create a wildcard domain certificate !

that’s what I do already, but yeah I haven’t added it to the trust store so far, only on linux for git and curl

If you’re interested I can send you the snipped of a book to fully host your own CA :). It’s a great read and easy to follow !

that would be interesting, thanks for the offer. but according to plan I don’t want to host a full-on CA, just make the CA cert, store them at a restricted place, and build other certs on top of it for use by nginx