"
In order to obtain a certificate from Let's Encrypt with an IP address, the ACME client needs to use the 'shortlived' profile (https://letsencrypt.org/docs/profiles/#shortlived). However, the 'os-acme-client' OPNSense plug in does not support profile selection. Support is marked as "not planned" in opnsense/plugins/issues/4791.
Even the underlying 'acme.sh' script which requests the certificates was only recently updated to support profiles in acme.sh/issues/6193.
Even the underlying 'acme.sh' script which requests the certificates was only recently updated to support profiles in acme.sh/issues/6193.
