We use the https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/remote-desktop-web-client-admin (Latest version 1.0.27) Normally it works really well, but then once ...
I would just be careful about extending the lifetime of your certificates beyond a year. Chrome refuses to accept the validity of certificates with a lifetime over 398 days. This only applies to publicly trusted CAs, so maybe that's how you get around it. But personally, I think certificates signed by a publicly trusted CAs should be the expectation.