But not because of the cert, to clarify. It’s unsafe to expose the UI to the Internet at large because a) it uses root / password for login, though 2FA in TrueNAS Core will help with that and b) isn’t typically deployed like that, and so not designed for being exposed.
I’d expect management interfaces like this to be remote-accessed via a VPN gateway on the Internet-facing router. Inexpensive options for that are a good question - the fortigate 40f comes to mind, and, there might be even lower cost and yet solid options.
What kind of hardware do people run pfSense on? That seems like a complete solution, see
https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/openvpn-remote-access-server.html .