You may have noticed when you log into OPNsense and see a warning message that a self-signed certificate is used for the web interface by default. You may replace the self-signed certificate with a free Let's Encrypt certificate using the ACME plugin.

A self-signed certificate is less secure than a real certificate since there is nothing authoritative about a self-signed certificate. Malicious users may easily generate self-signed certificates you will not know which self-signed certificate is the legitimate one.

In order to use a self-signed certificate, you must use a real domain name you own or a dynamic DNS domain name. I use Cloudflare as an example.

For a written version of this guide, please visit my website:
https://homenetworkguy.com/how-to/rep...

00:00 Introduction
01:13 Setting up an API Key (Cloudflare)
04:08 Installing the ACME client
05:22 ACME Settings page overview
05:34 ACME Accounts page
06:10 ACME Challenge Types page
07:48 ACME Automations page
08:24 ACME Certificates page
11:00 ACME Settings page
11:35 Changing the default certificate
12:16 Logging into OPNsense web UI
13:12 Outtake

EP20