If you try to use a TLS network connection on an ESP8266, you'll find you rapidly run out of RAM and flash--at least, if you program it using the Arduino tools. Crypto like that is pretty big, especially if you're using a properly sized set of TLS certs. (My foray into this world was primarily with the Azure IoT Hub SDK.)

So, I'm doing what I did on my AirQualSniff project: Unencrypted and insecurely authenticated MQTT over my LAN. It's not ideal, but it'll work for now and means I don't have to worry about code size or cert rotation.

I really like Particle.io's solution, but it's tied to their hardware and has pretty severe payload size limitations. While not an issue for a Geiger counter, it hurt when working on AirQualSniff.