Vaultwarden without Access to the Internet (Internal CA from Microsoft)

The following is the case:

We would like to test and possibly use Vaultwarden in our environment, but the following must be guaranteed. The server does not have and will not have access to the Internet. We would also like to use a Microsoft server to manage the certificates.

Is obsolescence via Microsoft certificates possible, if so, where do they have to be stored at Vaultwarden?

Currently we still have the problem that Vaultwarden can be reached via http, but any HTTPS connection does not want to work. In another test environment (6 months ago) this still works with the note that the site is not secure, so far that would be OK and understandable.

If someone knows how I can solve the whole thing with the HTTPS/certificate via a Microsoft server, I would be grateful for any help.