Note on how I set up a let’s encrypt SSL certificate on an ESXi (version 7 or 8). The certificate is generated with ACME.sh, I’m using a Cloudflare DNS verification.

 export CF_Account_ID=
 export CF_Token=
acme.sh --issue --dns dns_cf -d edgerouter.mazenet.org
cat .acme.sh/edgerouter.mazenet.org/edgerouter.mazenet.org.cer .acme.sh/edgerouter.mazenet.org/edgerouter.mazenet.org.key > ~/.acme.sh/edgerouter.mazenet.org/edgerouter.mazenet.org.cert
scp ~/.acme.sh/edgerouter.mazenet.org/edgerouter.mazenet.org.cert [email protected]:
scp ~/.acme.sh/edgerouter.mazenet.org/fullchain.cer [email protected]:

On the router shell

sudo mkdir /config/ssl/
sudo mv edgerouter.mazenet.org.cert /config/ssl/server.pem
sudo mv fullchain.cer /config/ssl/ca.pem

configure
set service gui cert-file /config/ssl/server.pem
set service gui ca-file /config/ssl/ca.pem
commit

If automatic renew is needed, see https://github.com/j-c-m/ubnt-letsencrypt