Usually you want to control it from anywhere, so the first problem is a fixed IP address. The cloud and the device can both access a fixed public IP address.
Home internet doesn't allow fixed public IP addresses. You need a service like dyndns to provide this mapping. The first levl of security is that there is a mapping and reverse mapping of IP address and name generally needs to agree.
mail receivers and https is a lot more complicated. The "certificate" provides the encryption and it's elsewhere.
You can look at AWS or Amazon Web services.
There is a software package that allows control of stuff using your own web server.