Pretty sure this is a mistake.
The screenshot tells me that @tcp is using the HTTP-challenge, which should work on every OpenWrt (at least if nobody removed the firewall itself).
@tcp You might want to have a look into the ACME script I wrote: Is there a way to get a letsencrypt certificate for the factory DDNS on the MT6000? - #4 by admon - Maybe just for understanding the commands and requirements.