If you mean accessing them from within your LAN while your internet is down then no it won’t work.
What you should be doing is either split horizon DNS (LAN resolves local IPs, public resolves public IPs) or use different DNS hostnames internally, for example media.local.yourdomain.com
You then set up a reverse proxy in your LAN and point everything to that, use a let’s encrypt wildcard cert using the DNS challenge method so you can get *.yourdomain.com protected with a single cert. Since you use cloudflare you can use the cloudflare API plugin with certbot, it’ll automate everything for the DNS challenge and no need to keep opening ports or configuring http/https challenges every couple of months.
Last I checked, a wild card cert for *.yourdomain.com is NOT valid for test.local.yourdomain.com, but IS valid for test.yourdomain.com. Wildcard certs are not recursive as far as I know.
You’re right but you can get a wildcard for that level as well.
Totally, you can easy do *.test.yourdomain.com and that’s works just fine for certbot. Ive never used cloudflare so I’d assume the same setup should work.
Last I checked, which was honestly two or more years prior, CloudFlare doesn’t handle second level sub domains (I.E.
a.b.domain.ext
) properly… when I tried it, I could make the DNS records, it did resolve, but the certificates didn’t work. I don’t know if that has since changed.You likely wouldn’t be using cloudflare for that level anyways, since you want it to work when you’re offline you’d bypass them entirely with local DNS server, local reverse proxy+certs. You’d use something like certbot with let’s encrypt which works fine. https://certbot.eff.org/