In a lecture at DEF CON 27 Crypto and Privacy Village - Karl Koscher - Enabling HTTPS for home network devices a way was suggested that leverages a trusted TLD to create valid TLS certs for non routable addresses from lets encrypt
as the turris project controls the turris.cz domain it can be used to create certs that are valid for turris devices
see the software for it at github https://github.com/supersat/tlsmy.net
its worth investigating even as a low priority feature