I’ve just managed to use Let’s Encrypt on my Turris Omnia without changing any of the configuration files already installed (*). (i.e. I only added new files / settings, and didn’t have to change anything that was already there.)
This doesn’t work if you forward your port 80 to some other device on your network.
Have fun: https://brainfood.xyz/post/20190518-letsencrypt-on-turris-omnia/
~Chris
(*) Except for the self-signed certificate that was generated initially, which will be replaced by the Let’s Encrypt certificate.