Yesterday, I learned how to get Let’s Encrypt working on our PfSense router. First I set ssh to only use public keys, then installed the sudo package and the acme.sh package in the GUI. https://gaurangpatel.net/installing-nano-in-pfsense (this was very handy, as I am a nano user.) https://jarrodstech.net/how-to-pfsense-haproxy-setup-with-acme-certificate-and-cloudflare-dns-api/ The kicker was getting /etc/resolv.conf to not use internal DNS routing. We use OpenDNS Umbrella’s free teir and we block the VPN category. acme.