For a long time I have been using PfSense for my infra at home also to secure the virtual machines on my dedicated servers, also for small infra like schools, SMEs, hotels etc ...
I turned to OPNSense for the simplicity of the interface and above all more update and security patches compared to PfSense Community edition. I'm not saying PfSense has become a firewall to avoid, plan to buy the official hardware for better support and patching.

Certify The Web allows you to generate and then install an SSL certificate for free! In particular, it makes it possible to secure (httpS) an Exchange server or remote desktop gateways.
​Certify The Web is easy to install on Windows Server. Once installed, just follow a wizard to deploy your SSL certificate for free. Certify The Web is fully compatible with IIS (Microsoft's web server functionality).

There are paid certificates that you can obtain from authorized resellers such as Global Sign, for example, Certify The Web relies on the free Let's Encrypt solution and takes care of renewing the certificate automatically.

If like me you host several services at home or in production,  you are not going to set up a certificate on each server or docker, the easiest way to manage certificates is to centralize certificate management in a single node or docker. Traefik is much favored but I prefer Nginx proxy manager because it is easy to use and light and above all to add a service by UI in a simpler way. Traefik is useful for its configuration files, the logic of its configuration and the integration of Docker / Kubernetes. But above all Traefik becomes the ideal solution when I load/unload containers, it is the only one that allows me to simply manage the ports dynamically.

The dashboard generated by Modern AD  gives a quick overview of the entire Active Directory environment, and it displays the most useful information for administration: servers with FSMO roles, enabled accounts, unsupported machines, number of administrators, etc. This information is crucial to keep an eye on the Active Directory configuration at any given time. Is developed Dakhama Mehdi from github.

In my infrastructure I use Microsoft's active directory a lot, which for me remains the most complete in terms of hybrid configuration on various OS.
I generally use Linux distributions as a server for web hosting and more. The easiest way is to connect an LDAP directory or active directory.
Here I will detail my way with ubuntu server 22.04 lts, however the configuration may be wrong on other distributions or future updates. So be careful in productive use.

Mkcert is a simple tool that enables you to generate and install self-signed SSL certificates for local development. Here are the steps to install, configure, and generate self-signed SSL certificates with mkcert :

sudo apt install libnss3-tools
curl -JLO "https://dl.filippo.io/mkcert/latest?for=linux/amd64"
chmod +x mkcert-v*-linux-amd64
sudo cp mkcert-v*-linux-amd64 /usr/local/bin/mkcert