Pfsense router SSL/TLS certificate - newbie

Hi, I’m not sure I’m in the right place? I have a small personal home network, don’t host a website or run a web server. My router is configured to send some traffic to a VPN service using their DNS servers, so there are no leaks from port 53. I have a DMZ subnet which bypasses VPN and I wish to secure DNS requests via the local resolver since these will not pass through the VPN tunnel. At the moment, my router DNS settings are for SSL/TLS to but the subnet DNS requests are going out as port 53 not 853. I suspect this is because the present SSL/TLS certificate is self signed?

Can I get a free 15 year certificate just for personal use and DNS queries to without hosting a web server? My Pfsense router setup also suggests a DNS server hostname is required for TLS verification, but what is the server hostname for

Sorry for the basic questions.

Since my post got hosted here, I got help from the pfsense community. The certificate issue confusing me doesn’t arise as I’m not web hosting and I’ve now managed to configure my router to use Cloudflare DNS/TLS.

I used the cloudflare /help TLS page which now confirms my DNS is TLS port 853 . My topic can be closed.