I’ve been doing it this way for many years, before LetsEncrypt was around. Maybe some day I will switch so I can become dependent on another third party (though I do use LetsEncrypt for public-facing services).

Yes, telling your computer to trust a certificate chain that you are responsible for securing may significantly increase your attack surface. It’s easy to forget about that root cert (I actually push mine via GPO).