As HodgesanDY says HTTP is insecure, there is an argument to say that internal attack likelihood is going to be a lot less than external but at the end of the day you are passing passwords around the network in plain text.  That said, if it is just internal admin access you are securing then there is no issue using the self-signed certificate on the DrayTek, go to the management page and click on "LAN Access Settings", then check the force HTTPS box.  You will still see the certificate warning but that's only because it's a self-signed certificate.  If you want to use a CA signed certificate then you'll need to do the following (Backup your router settings before starting, just in case)

- Register for DrayDDNS
- Setup LetsEncrypt Certificate
- Create an IP object for your internal LAN subnet, set the type to "Subnet address" then click on the "Select" button and select your LAN
- In the "Management" page select "Allow management from the internet" then check the "Enforce HTTPS access" and "HTTPS Server" (ensure that HTTP is unticked)
- On the same "Management" page in the "Access List from Internet" add your newly created object - this ensures that only your LAN can access the router, everything else is blocked
- Last step to go "Management" -> "LAN access setup" and tick "Enforce HTTPS access" - note when switching this on the router can sometime become unavailable for a short period, not sure why but just so you're warned.

Now login into your router, ensure that use use the routers DrayDDNS name and not IP address, that should take you to the login screen with no certificate errors.