Here are some thoughts and ideas on how I have Let's Encrypt certificates deployed to home infrastructure ...
At a high level, my setup assigns a hostname-based subdomain to each internal host.
E.g., if my registered domain is example.com and my host is host1, then I will generate a cert for host1.example.com.
Let's Encrypt supports wildcards, so you could use a wildcard if you wanted to. I didn't like the idea of every internal host using the same keypair.