TLS for internal network

Hi everyone,
I have a general question regarding Traefik and TLS.
I run my server to be accessed only within the LAN and I would like to experiment in using TLS.
I have no need nor I want to expose any of my servers to the outer internet.

I read the docs about TLS and Letsencrypt and I think I understood that I would need to expose my server to the internet in order to allow Letsencrypt servers to validate my certificate. Moreover I would need a domain name (that I currently don't have, as I use dynamic dns to reach my VPN).

Can someone explain me if Letsencrypt is the right choice for the job?
If not, what are the option to use TLS within the internal network?

Side-note: I am aware I don't "need" tls in the intranet, I want to experiment and study, but also get rid of some limitation some of my servers have when using non https connection (the most annyoing is websites not being able to access cameras of the device on ios or android).