
Hmmm... Got me thinking, why must all software implement (and maintain) transport security?

The security standard changes/improves over time. With software like stunnel taking care of it, your software could be practically security-wise up-to-date forever as long as you or your user keeps their stunnel updated.

As someone that has built security applications for most of this century, I can confidently say that when you make security the problem of one device, system, team or entity, it results in insecurity. It might satisfy some auditors but that's about it.

The most obvious issue is that if any system is compromised, then the attacker can potentially sniff traffic and they are all effectively compromised. The next one, and it's really key to TLS, is that the app you are proxying probably has an opinion or desired behavior when things can't be authenticated or are improper. Someone reading your blog and the cert is a day old? Probably not super risky to let them read it. Logging in to the mail server and the keys are bad? You might want the server to just block that.

For like a home lab situation or kind of toy systems? These tools are great, I've used stunnel more than a few times to hack things together.

That's basically the idea behind zero trust, isn't it? The idea being that you can't even knock on the TCP port if you're not authenticated.

I use Caddy the same way. My web apps aren't allowed to think about TLS, they sit behind Caddy and I'm secure as long as I keep it updated.
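Concretely, the pattern described in the stunnel comment and in the Caddy comment above looks like the following Caddyfile. This is an added example, not configuration posted by anyone in the thread; the hostname, the app's loopback port and the client CA path are assumptions.

```caddyfile
# Added example (not from the thread): Caddy terminates TLS in front of an app
# that listens only on loopback. Hostname, port and CA path are assumed values.
app.example.com {
	# Caddy obtains and renews the certificate itself; the app never handles
	# TLS, so protocol and cipher updates arrive by updating Caddy alone.
	# Bind the app to 127.0.0.1 so clients cannot reach it except through
	# the proxy; Caddy adds X-Forwarded-For/X-Forwarded-Proto by default,
	# and the app should trust those headers only from this proxy.
	reverse_proxy 127.0.0.1:8080

	tls {
		# Optional client-certificate check made at the proxy. This is the
		# "app has an opinion" point from the earlier comment: the decision to
		# reject an unverifiable client is taken here, before the app sees
		# the request, so the app cannot apply a per-endpoint policy.
		client_auth {
			mode require_and_verify
			trusted_ca_cert_file /etc/caddy/client-ca.pem
		}
	}
}
```

Run with `caddy run --config Caddyfile`; with the `tls` block removed, Caddy still terminates TLS and proxies plain HTTP to the app, which is the setup the comment describes.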