You can use any domain you like. I personally have an actual domain that I only use inside my network. This way I can get SSL certs from Let’s Encrypt using the DNS challenge which doesn’t require any ports being opened. You can use self signed certs but I would strongly suggest using certs from the likes of Let’s Encrypt.
Here are 2 pages on this subject
https://github.com/dani-garcia/vaultwarden/wiki/Enabling-HTTPS
I have 2 of these drawers. 1 in the kitchen and 1 in the garage.
My selfhosted instance is still working. I’m the only user which probably helps it from getting flagged. If they manage to kill Piped and the other similar options, YouTube is dead to me.
I manage all my certs using Cert Warden which has a dashboard that displays the expiry date. It does lack alerting, so I use Uptime-kuma to monitor the expiry dates of the certs. So not a big loss for me.