Since you have a custom domain, using CloudFlare together with self-signed cert is the best way to go