LuCI should only be accessed via HTTPS, else your root password is passed via plaintext... an extremely bad idea to say the least.
Unless your webservers are public, you'd be far better off creating a self-signed CA and using that to sign an ICA, of which would sign certs. Here's a prebuilt openssl.cnf from my GitHub