Messages - rajiv

#1
The code change to support profiles in the os-acme-client plugin was merged today, after the 26.1 release. So I would guess it will be in the next version. I do not know the details of the OPNsense release process, so we'll have to wait and see. You can see the code in opnsense/plugins/pull/5154.

The code shows that once the feature is available, there will be a "Certificate Profile" text field in the "Edit Certificate" dialog.

#2
In order to obtain a certificate from Let's Encrypt with an IP address, the ACME client needs to use the 'shortlived' profile (https://letsencrypt.org/docs/profiles/#shortlived). However, the 'os-acme-client' OPNsense plugin does not support profile selection. Support is marked as "not planned" in opnsense/plugins/issues/4791.

Even the underlying 'acme.sh' script which requests the certificates was only recently updated to support profiles in acme.sh/issues/6193.