I can’t say if you are overstating it but, only mention that I went through a similar path. I had it multiple scripts running and it was a neverending thing.
Since I have moved to small step I never had a problem.
The biggest advantage I got is for products like opnsense, you can do automatic renewal of certificates using your internal CA.
Generating new certs is still as simple (actually much easier for me) than relying on openssl or easyrsa scripts.
I can’t say if you are overstating it but, only mention that I went through a similar path. I had it multiple scripts running and it was a neverending thing.
Since I have moved to small step I never had a problem.
The biggest advantage I got is for products like opnsense, you can do automatic renewal of certificates using your internal CA.
Generating new certs is still as simple (actually much easier for me) than relying on openssl or easyrsa scripts.