It seems like you have two pretty viable options:

1. Wire up LetsEncrypt certs for things running on your LAN, and all the "dire certificate warnings" go away.

2. Run a local ACME service, wire up ACME clients to point to that, make your private CA valid for 100 years, trust your private CA on the devices of the Regular People in your house.

I did this dance a while back, and things like acme.sh have plugins for everything from my Unifi gear to my network printer. If you're running a bunch of servers on your LAN, the added effort of having certs is tiny by comparison.