> That is unusual, but I guess for a static website it doesn't really matter.

It sorta does matter. Either the actual raspi does nothing of value or the traffic has value that should be protected.

Sure, I heard the argument that public HTTP traffic does not need encryption but if it is of any value then both parties have a interest in it unmanipulated, uncenscored, validated or all of the before. Even if it is just preventing the ISP injecting dumb ads.

Yeah that's a valid concern. Idk, nothing about this setup makes sense.