OPNsense generates a self-signed certificate for the web interface during installation. Although a self-signed certificate may suffice, particularly in a home network setting with restricted web interface access, there are better solutions than this. OPNsense allows you to create Let's Encrypt certificates using the ACME client, a plugin included in the repository. Let's Encrypt certificates are advantageous due to their cost-free nature and the ease with which they can be created for your domains. In this tutorial, we will explain how you can change a self-signed certificate with a Let's Encrypt certificate on your OPNsense firewall. Chapters 00:00 Introduction 0:55 Update Domain Name 1:26 Generate Cloudflare API Key 3:05 Install ACME Client Plugin 3:56 Register Account 5:34 Select Challange Types 7:41 Setup Automation (Optional) 8:30 Add Certificate 10:48 Enable ACME Client Plugin 13:40 Change Test Certificate With Prod Certificate 14:11 Updating Web UI Certificate