at some point I need to secure my home automation's webserver so some idiot with a drone doesn't remotely turn off my fridge
Thinking about it, all the self-signed ssl certs etc would be a real pain to deal with.
Then I realized: Just ditch the webserver and use ssh. I already have ssh keys.
secured http over local unix socket accessed over ssh here I come
or I could use MQTT.. and deal with ssl certs, and apparently username+password auth