There are multiple ways of installing django-ca. Each supported installation method has its own quickstart guide:
quickstart/docker_compose: By far the easiest, fastest and most reliable way.quickstart/as_app: If you want to integrate django-ca into your existing Django project.quickstart/from_source: If you want to install the project from source (or want to use it as a template for a totally different platform).quickstart/docker: If you already have web server, database etc. set up or as a template for orchestration platforms such as Docker Swarm.
OCSP and CRL access (protocols used to obtain the revocation status of certificates) usually work via HTTP, not HTTPS. Clients would need to obtain the revocation status of the certificate used for the HTTPS connection using that same HTTPS connection. Responses are signed, so using HTTP is not considered a security vulnerability.
Just in case you doubt the above: check how publicly trusted and widely used certificate authorities set the ca-example-crlDistributionPoints and ca-example-AuthorityInfoAccess extensions.
However, only CRL, OCSP and issuer information needs to be available via HTTP. If you use /ca as path in your URL configuration (like in the example above), you only need /ca/issuer/, /ca/ocsp/ and /ca/crl/ available via HTTP.