diff --git a/security/acme-client/src/opnsense/scripts/OPNsense/AcmeClient/setup.sh b/security/acme-client/src/opnsense/scripts/OPNsense/AcmeClient/setup.sh
index 20a65224b..8a6352652 100755
--- a/security/acme-client/src/opnsense/scripts/OPNsense/AcmeClient/setup.sh
+++ b/security/acme-client/src/opnsense/scripts/OPNsense/AcmeClient/setup.sh
@@ -2,6 +2,8 @@
 ACME_BASE="/var/etc/acme-client"
 ACME_DIRS="/var/etc/acme-client/certs /var/etc/acme-client/keys /var/etc/acme-client/configs /var/etc/acme-client/challenges /var/etc/acme-client/home /var/etc/acme-client/cert-home"
+ACME_LINKS="deploy dnsapi notify"
+ACME_LINK_TARGET="/usr/local/share/examples/acme.sh"
 # Create required directories and set owner/mode recursively.
 for directory in ${ACME_DIRS}; do
@@ -10,14 +12,22 @@ for directory in ${ACME_DIRS}; do
 chmod -R 750 ${directory}
 done
-# Remove symlink in order to use upstream version
-# see https://github.com/opnsense/plugins/pull/1888
-if [ -L /var/etc/acme-client/home/dns_opnsense.sh ]; then
- unlink /var/etc/acme-client/home/dns_opnsense.sh
-fi
-
 # Set owner/mode for base and immediate children (non recursive).
 chown root:wheel ${ACME_BASE} ${ACME_BASE}/*
 chmod 750 ${ACME_BASE} ${ACME_BASE}/*
+# Create symlinks for acme.sh script directories.
+# This should guard against manual misconfiguration.
+for link in ${ACME_LINKS}; do
+ # First remove any existing file/directory.
+ if [ -f "${ACME_BASE}/home/${link}" ]; then
+ rm ${ACME_BASE}/home/${link}
+ elif [ -d "${ACME_BASE}/home/${link}" ]; then
+ rmdir ${ACME_BASE}/home/${link}
+ elif [ ! -e "${ACME_BASE}/home/${link}" ]; then
+ # Create the symlink.
+ ln -s ${ACME_LINK_TARGET}/${link} ${ACME_BASE}/home/${link}
+ fi
+done
+
 exit 0
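Review bot: The `if`/`elif` chain in the new `for link in ${ACME_LINKS}` loop reaches `ln -s` only when nothing exists at the path, so a run that removes a stray file or empty directory leaves `home/<link>` missing until setup.sh runs again. `[ -f ]` and `[ -d ]` also follow symlinks, so an existing link that points at some other directory matches `-d`, `rmdir` fails on it, and the wrong target stays in place; since acme.sh loads its deploy, dnsapi and notify hooks from these paths, presumably with root privileges, that is the case the "guard against manual misconfiguration" comment should cover. A non-empty directory is likewise left in place with no message, and a dangling link makes `ln -s` fail. Testing `-L` first, removing and then linking in the same pass, and quoting the expansions would cover these cases.

```shell
for link in ${ACME_LINKS}; do
    path="${ACME_BASE}/home/${link}"
    target="${ACME_LINK_TARGET}/${link}"
    # A link that already points at the shipped directory is left alone.
    if [ -L "${path}" ] && [ "$(readlink "${path}")" = "${target}" ]; then
        continue
    fi
    # Remove a stale link or plain file; rmdir only removes an empty directory.
    if [ -L "${path}" ] || [ -f "${path}" ]; then
        rm -f "${path}"
    elif [ -d "${path}" ]; then
        if ! rmdir "${path}"; then
            echo "acme-client: ${path} is not empty, link not created" >&2
            continue
        fi
    fi
    ln -s "${target}" "${path}"
done
```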