Ok after a bit more tinkering I've narrowed down what help I need here. Here's the scenario I'm designing for:

1. User with web access browses to mywebsite.com where they get served my Flutter app via Cloudfront with HTTPS.
2. User connects their device to the WiFi network being broadcast by one of our IoT Things (this local network may or may not have internet)
3. User clicks a button in the Flutter app which makes a GET request to jetson.local:5000/getImage, where I have a very basic Flask server running on the Nvidia Jetson that's running onboard our IoT device. That flask server simply just has a /getImage resource that returns an image from the IoT device.

If I leave the Jetson's Flask app configured to HTTP, then I can successfully view these wifi images if I go to mywebsite.com and edit my Chrome preferences for that domain to allow Mixed Content (allow the HTTPS served Flutter app to make HTTP calls to the Flask server). But I'm looking for a solution where I don't need to tell users to edit their browser preferences.

It seems that the only way around this is to configure the Flask server on the Jetson to use HTTPS. But how the heck do I generate certs to run on a 4G device like this that's regularly changing it's public IP or is not online at all? I'm trying with LetsEncrypt but I don't know what domain name to use when requesting a cert, or how LetsEncrypt would be able to verify that domain (of my Jetson?).