How to add HTTPS (TLS) to my internal HA?

I'm trying to figure out the best way to secure the connection to my Home Assistant RPI4 with HTTPS.
Theoretically I only need a certificate that the devices I access HA from will trust. Usually this can be achieved by creating a Let’s Encrypt certificate, which needs to be updated every 3 months.

I’ve read that there is an add-on to handle all this stuff and already added this to my instance. A little problematic is the update process, because LE uses a web request to determine if the host from the certificate is accessible through HTTP (80) in order to sign the certificate.

I also don’t get how to tell HA to make use of HTTPS instead of HTTP and what else needs to be changed then? Do I need to re-register all the sensors because they are using the HA API internally?

And if that all was set up, is it safe then to open a port on my firewall so that I can access HA from the Internet via HTTPS?

It’s all in the HA docs:

If you don’t want to open ports on your router you could also use Cloudflared instead of LE