

my router and my reverse proxy (traefik) is able to receive the necessary SSL/TLS certificates however
From something like LetsEncrypt?
As an HTTP-01 Challenge? Not an DNS-01 challenge?
Http challenge means that port 80 is accessible from the public internet (because that’s how LE can confirm it can reach your server via the public DNS records, proof of server ownership).
DNS-01 is about proof of DNS record ownership, and doesn’t prove public internet access.
Also, what are you self hosting?
Does it really need to be publicly accessible? Or just accessible by you and people you trust?
Wouldn’t it be better to have highly available storage for the git repo?
Something like Ceph, Minio, Seaweedfs, GarageFS etc.
Cause git is file system based.