Hi Kris and Allen,
love the show, have been watching from day 1!

I have a question regarding using LetsEncrypt with the various services I have on my network at home, which run inside jails/bhyve on a FreeBSD 11 server.

Firstly, I have a jail which runs nginx and security/py-certbot to generate and automatically renew LetsEncrypt SSL certificates. This works great, for example I've set it up so I can access the nginx instance from the internet over port 443.

My question is: how far can/should I go with using LetsEncrypt certificates elsewhere on my network? For example, is it worth using LetsEncrypt certs (as opposed to self-signed certs) on my LDAP server? Mail and IMAP? What about for signing Poudriere packages? If so, then what is the best way to get the certs to the other (virtual) machines once I've generated them? I assume I can't just copy them there when I set up the service since they expire in short order, so should I just write a shell script/cron job to do this? How do you guys / other viewers deal with this issue?

Thanks,
J
