The Fitbit integration requires the OAuth2 callback URI to be HTTPS, which is an issue since Home Assistant by default only serves HTTP. Additionally, I do not wish to expose HA to the internet, and only access it externally via VPN into my home network. So the solution is to generate our own cert to install in Home Assistant, and store the root CA that issued it in the trusted CA list on the computer from which the HA front end is going to be accessed.
This will be done using the mkcert tool: https://github.com/FiloSottile/mkcert
1. Generate a cert which is valid for both the hostname address and the IP address of my HA instance.
mkcert -install
mkcert homeassistant.home.lan 192.168.1.5
2. Copy the files over to the HA server (method doesn't matter, in my case I already have SSH access set up).
scp homeassistant.home.lan* root@192.168.1.5:ssl/
3. Point Home Assistant's http configuration (in configuration.yaml) at the copied files.
http:
  ssl_certificate: /ssl/homeassistant.home.lan+1.pem
  ssl_key: /ssl/homeassistant.home.lan+1-key.pem
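A pre-flight check for the files produced in step 1, run before they are copied and configured. This is an added example, not part of the original post: the function names are hypothetical, and it assumes openssl 1.1.1 or later on the machine where mkcert was run.

```shell
#!/bin/sh
# Added example: sanity checks on the mkcert output before it goes to the
# Home Assistant host. Function names are hypothetical; needs openssl >= 1.1.1.

# Print the certificate's subjectAltName entries, one per line,
# e.g. "DNS:homeassistant.home.lan" and "IP Address:192.168.1.5".
san_entries() {
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
        sed 1d | tr ',' '\n' | sed 's/^ *//; s/ *$//'
}

# Succeed only if the exact SAN entry is present. The whole-line match keeps
# 192.168.1.5 from being satisfied by a cert issued for 192.168.1.50.
cert_has_san() {
    san_entries "$1" | grep -Fxq -- "$2"
}

# Succeed only if the private key belongs to the certificate, by comparing
# the public key derived from each file.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeed only if the certificate verifies against the given CA file, e.g.
# "$(mkcert -CAROOT)/rootCA.pem" on the machine where mkcert -install was run.
chains_to_ca() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# preflight CERT KEY HOSTNAME IP
# The cert must name both the hostname and the IP, and the key must match it.
preflight() {
    cert_has_san "$1" "DNS:$3" || { echo "missing SAN DNS:$3" >&2; return 1; }
    cert_has_san "$1" "IP Address:$4" || { echo "missing SAN IP:$4" >&2; return 1; }
    key_matches_cert "$1" "$2" || { echo "key does not match cert" >&2; return 1; }
}

# Usage with the file names from this page:
#   preflight homeassistant.home.lan+1.pem homeassistant.home.lan+1-key.pem \
#             homeassistant.home.lan 192.168.1.5
```

Only the leaf certificate and its key belong on the HA host; the `rootCA-key.pem` file under `mkcert -CAROOT` stays on the machine that generated it.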