I dont know who you have your domain with, but that is potentially predatory pricing mechanisms you dealing with there.
Now days if you want free certificates for internet usage, you can use lets encrypt.
But for LAN devices, you dont need an internet certificate at all, I generate my LAN certificates in the pfSense certificate manager, and just link it to the LAN IP for the device, the CA is the same for all these certificates and is trusted in my local certificate store.
I just checked opnsense and that also has a certificate manager. System -> Trust on menu.
I also use my private certificates for internet services that are accessed via IP such as remote opnsense/pfpsense.
Maybe you already decided to leave it, but if you are still interested thats where you can find it on opnsense.