You can buy a domain, put public NS servers on it for the only purpose of doing Letsencrypt DNS validation. Hint: Create root and wildcard (eg domain.ca and *.domain.ca) so you aren't leaking internal DNS records (not that it matters much).
You run an internal DNS server (Pihole + unbound is my combo of choice) which becomes authoritative for your internal LAN.
This boggles me when I see this option in any password manager (and I think every single one has this 'option').
Why do password managers let people store TOTP next to the password, this completely invalidates the 2FA of TOTP if your password manager get broken into.
You run an internal DNS server (Pihole + unbound is my combo of choice) which becomes authoritative for your internal LAN.