Auto-renew SSL Let’s Encrypt SSL certificate within VPN

Hi guys,

When I set up my HA months ago, I followed this guide: Installing TLS/SSL using Lets Encrypt. I’m using Google 2FA to log in to my HA. So actually I’m feeling safe.

Now I got a new router (FritzBox), which supports IPSec VPN. I set this up and tried it with my iPhone: Entering my own network works perfectly with that.

My question is:

  1. Is there a need to secure my HA with SSL for internal-network usage (so: not directly accessible from the internet with port forwarding)?
    If yes: How can I accomplish auto-renewal?
    If no (what I guess): When using HA only internally, how can e.g. my GPS position be provided to HA, except by manually enabling VPN on my iPhone and opening the HA app?
  2. Is there a need at all to make my HA accessible only from inside my network, with VPN from outside, or is a strong password in combination with 2FA safe enough (=> is e.g. the GUI itself safe enough)?

Since my router only supports IPSec, which is properly included in iOS, I don’t really want to use third-party apps and integrations (like OpenVPN, WireGuard, …) if not necessary.