And why not just use DNS validation?
opkg update
opkg install acme acme-dnsapi luci-app-acme
/etc/config/acme
config acme
option state_dir '/etc/acme'
option account_email 'name.surname@example.com'
option debug '0'
config cert 'main'
option keylength 'ec-256'
list domains 'router.example.com' # subjectName
list domains 'srv1.example.com' # subjectAltName
list domains 'srv2.example.com' # subjectAltName
option enabled '1'
option validation_method 'dns'
option dns 'dns_<provider>' # see https://github.com/acmesh-official/acme.sh/wiki/dnsapi for list of options
list credentials '<XX>_Username="<username>"'
list credentials '<XX>_Password="<password>"'
option use_staging '0'
I use this for lighttpd configured as a reverse proxy for LXC containers running on the router.