A prion is just a misfolded protine that has some adverse behavior that your body can’t detect (there’s a mechanism that if your body identifies a malformed protine, it will terminate the cell making it). Anyway, prions live in this small region in a Venn diagram whereits can’t be detected, but can still replicate and cause harm.
We mostly think of prion diseases (like mad cow) affecting the brain, but I dont think prions are isolated to the brain… Prion deseases happen to involve the brain a lot because a misbehaving protine in your brain will have a lot more apparent effects
I run freeipa internally, which handles all internal https certs (as well as nice things like handling non sudo auth so I can just ssh to machines from an already authed machine without a PW prompt, and doing ldaps for internal things that support it)
For external web, I have a single box running nginx as a reverse proxy thats web exposed. That nginx box has letsencrypt certs for the public web stuff. The nginx rp has the internal CA on it and will validate the internal https certs (no mullet SSL here!)
I also do different domains for internal vs external, but thats not a requirement for a setup like this