You may have noticed when you log into OPNsense and see a warning message that a self-signed certificate is used for the web interface by default. You may replace the self-signed certificate with a free Let's Encrypt certificate using the ACME plugin. A self-signed certificate is less secure than a real certificate since there is nothing authoritative about a self-signed certificate. Malicious users may easily generate self-signed certificates you will not know which self-signed certificate is the legitimate one. In order to use a self-signed certificate, you must use a real domain name you own or a dynamic DNS domain name. I use Cloudflare as an example. For a written version of this guide, please visit my website: 00:00 Introduction 01:13 Setting up an API Key (Cloudflare) 04:08 Installing the ACME client 05:22 ACME Settings page overview 05:34 ACME Accounts page 06:10 ACME Challenge Types page 07:48 ACME Automations page 08:24 ACME Certificates page 11:00 ACME Settings page 11:35 Changing the default certificate 12:16 Logging into OPNsense web UI 13:12 Outtake EP20