I have lots of little internet of things running at home, and everything is finally running on SSL but with local certs I've generated, including Tomato. In a perfect world, I'd love for Tomato to generate its own legitimate certificate to use for its own webui, and then also make that certificate available via internal only webserver so my other boxes can suck it down and use it. This would be a great feature for business type use and users worried about snoops. To make it clear: Tomato uses automated script to update its own cert, which gets validated externally by a special service hosted at port 80/443. The service allows internal requests to actually get at the usually secret parts of the certificate for duplication. The generated cert is applied to whatever other port the webui runs on, and can be used externally on other servers on other ports. I may not be understanding LetsEncypt properly, so feel free to correct me, or let me know if this isn't feasible for Tomato.