diff --git a/dnsapi/dns_opnsense.sh b/dnsapi/dns_opnsense.sh
index 0f7cdea6..97f18d1a 100755
--- a/dnsapi/dns_opnsense.sh
+++ b/dnsapi/dns_opnsense.sh
@@ -4,15 +4,19 @@
 #https://docs.opnsense.org/development/api.html
 #
 #OPNs_Host="opnsense.example.com"
-#OPNs_Port="443"
+#OPNs_Port="443" (optional, defaults to 443 if unset)
 #OPNs_Key="qocfU9RSbt8vTIBcnW8bPqCrpfAHMDvj5OzadE7Str+rbjyCyk7u6yMrSCHtBXabgDDXx/dY0POUp7ZA"
 #OPNs_Token="pZEQ+3ce8dDlfBBdg3N8EpqpF5I1MhFqdxX06le6Gl8YzyQvYCfCzNaFX9O9+IOSyAs7X71fwdRiZ+Lv"
-#OPNs_Api_Insecure=0     # Set 1 for insecure and 0 for secure -> difference is whether ssl cert is checked for validity (0) or whether it is just accepted (1)
+#OPNs_Api_Insecure=0 (optional, defaults to 0 if unset) # Set 1 for insecure and 0 for secure -> difference is whether ssl cert is checked for validity (0) or whether it is just accepted (1)
 
 ########  Public functions #####################
 #Usage: add _acme-challenge.www.domain.com "123456789ABCDEF0000000000000000000000000000000000000"
 #fulldomain
 #txtvalue
+OPNs_DefaultPort=443
+OPNs_DefaultApi_Insecure=0
+
+
 dns_opnsense_add() {
   fulldomain=$1
   txtvalue=$2
@@ -168,7 +172,7 @@ _opns_rest() {
   key=$(echo "$OPNs_Key" | tr -d "\n\r" | _url_encode)
   token=$(echo "$OPNs_Token" | tr -d "\n\r" | _url_encode)
 
-  opnsense_url="https://${key}:${token}@${OPNs_Host}:${OPNs_Port}/api/bind${ep}"
+  opnsense_url="https://${key}:${token}@${OPNs_Host}:${OPNs_Port:-$OPNs_DefaultPort}/api/bind${ep}"
   export _H1="Content-Type: application/json"
   if [ ! "$method" = "GET" ]; then
     _debug data "$data"
@@ -218,29 +222,30 @@ _opns_check_auth() {
   OPNs_Api_Insecure="${OPNs_Api_Insecure:-$(_readaccountconf_mutable OPNs_Api_Insecure)}"
 
   if [ -z "$OPNs_Host" ]; then
-    OPNs_Host="localhost"
     _err "You don't specify OPNsense address."
     return 1
   else
     _saveaccountconf_mutable OPNs_Host "$OPNs_Host"
   fi
 
-  if [ -z "$OPNs_Port" ]; then
-    OPNs_Port="443"
+  if ! printf '%s' "$OPNs_Port" | grep -q '^[0-9]*$'; then
+    _err 'OPNs_Port specified but not numeric value'
+    return 1
+  elif [ -z "$OPNs_Port" ]; then
+    _info "OPNSense port not specified. Defaulting to using port $OPNs_DefaultPort"
   else
     _saveaccountconf_mutable OPNs_Port "$OPNs_Port"
   fi
-
-  if [ -z "$OPNs_Api_Insecure" ]; then
-    OPNs_Api_Insecure="0"
-  else
-    #save the api addr and key to the account conf file.
+  
+  if ! printf '%s' "$OPNs_Api_Insecure" | grep -q '^[01]$'; then
+    _err 'OPNs_Api_Insecure specified but not 0/1 value'
+    return 1
+  elif [ -n "$OPNs_Api_Insecure" ]; then
     _saveaccountconf_mutable OPNs_Api_Insecure "$OPNs_Api_Insecure"
   fi
-  export HTTPS_INSECURE="${OPNs_Api_Insecure}"
+  export HTTPS_INSECURE="${OPNs_Api_Insecure:-$OPNs_DefaultApi_Insecure}"
 
   if [ -z "$OPNs_Key" ]; then
-    OPNs_Key=""
     _err "You don't specify OPNsense api key id."
     _err "Please set you OPNs_Key and try again."
     return 1
@@ -249,7 +254,6 @@ _opns_check_auth() {
   fi
 
   if [ -z "$OPNs_Token" ]; then
-    OPNs_Token=""
     _err "You don't specify OPNsense token."
     _err "Please create you OPNs_Token and try again."
     return 1