Dank Reddit und dem User gellenberg gibt es das hier:
nano /etc/systemd/system/tailscale-cert.service
[Unit]
Description=Tailscale SSL Service Renewal
After=network.target
After=syslog.target
[Service]
Type=oneshot
User=root
Group=root
WorkingDirectory=/etc/ssl/private/
Environment="HOSTNAME=[your device's hostname]"
Environment="DOMAIN=[your tailnet].ts.net"
ExecStart=tailscale cert ${HOSTNAME}.${DOMAIN}
[Install]
WantedBy=multi-user.target
/etc/systemd/system/tailscale-cert.timer
[Unit] Description=Renew Tailscale cert [Timer] OnCalendar=weekly Unit=%i.service Persistent=true [Install] WantedBy=timers.target
systemctl daemon-reload
systemctl start tailscale-cert.service
systemctl enable tailscale-cert.timer
Your SSL certs will be in /etc/ssl/private.