Many of us want to change it, but we are cattle in the eyes of our government with no real power to change it - though we’re doing our damndest in spite of that.

I think you could achieve this with largely the same method as typical when using Nginx, Caddy, etc.

The main difference is that where you’d usually use ACME/Let’s Encrypt - you’ll likely need to generate your own certs using a took like mkcert. You’ll need to get the CA cert used to generate the SSL certs and install it on any other systems/browsers that will be accessing the apps over https (mkcert will install them for the system you generate from).