Reply to myself :
cat /etc/updater/conf.d/ssl.lua
Uninstall("lighttpd-https-cert", { priority = 60 })
Install("lighttpd-mod-openssl")
Seems to work.
And for the reverse proxy, I replaced 50-turris-auth.conf by the result of the command ‘turris-auth-server --lighttpd-config --luci-login’
And added around the fastcgi section :
$HOST["host"] =~ "regex to match my dns and local ip" { ... }
Now turris-auth won’t intercept /login, /logout, from my lighttpd reverse proxy.