Comment by justin_oaks
8 hours ago
Some of this might have been "because I want to see if I can". Another reason is "It bothers me to keep seeing this browser tell me my connection is insecure".
As for putting it on a separate VLAN and securing traffic with firewall rules, that may be as much or more trouble than setting up the automated certificate renewal. At least with the automated certificates there may not be any further maintenance required. With firewall rules, you'll need to open up the firewall each time you want a new device to access the printer.
Sure but how long will that last? It says in the article that RSA2048 is required, however 3072 should be the minimum these days, I am not sure how long will letsencrypt even allow creating 2048bit certs.