As I wrote in https://forum.openwrt.org/t/howto-use-letsencrypt-and-acme-with-lighttpd/96513 you can't use LuCI with lighttpd to renew a letsencrypt certificate. You need to run acme manually.
There are two issues to tackle. How to renew and how to create the pemfile for lighttpd.
On the first issue, you can wait until 60 days have elapsed but then you need to check every day. I came to the conclusion it's easier to force a renew once every month. Just choose a day and a time and create an entry in /etc/crontabs/root:
15 4 8 * * /root/bin/renewcertificate >> /root/log/renewcert.log 2>&1
On the second issue, you need to tell acme where to put the certificate after creating it.
By issuing the following command only once you configure acme's certificate paths:
root@router:~# /usr/lib/acme/acme.sh --home /etc/acme --install-cert --domain <domain.tld> --cert-file /etc/ssl/private/cert.pem --key-file /etc/ssl/private/key.pem --ca-file /etc/ssl/private/ca.cer --fullchain-file /etc/ssl/private/fullchain.pem
You can check the settings in /etc/acme/<domain.tld>/<domain.tld>.conf
The /root/bin/renewcertificate script ends up like this:
echo "$(date): /etc/init.d/lighttpd stop" /etc/init.d/lighttpd stop echo "$(date): issue force renew request" /usr/lib/acme/acme.sh --standalone -f -r --home /etc/acme -d <domain.tld> echo "$(date): create pemfile for lighttpd" cd /etc/ssl/private cat key.pem cert.pem > lighttpd.pem echo "$(date): /etc/init.d/lighttpd start" /etc/init.d/lighttpd start