Let's Encrypt does not do IP certificate. The redirection in the firewall works with the IP address (redirecting the traffic for authentication to https://a.b.c.d:112081, this mechanism cannot be changed, it is set inside an executable that does not have source file) so it is not possible to set a certified certificate for the firewall.
Also, I did try to install a certificate manually and completely messed up the firewall to the point that Apache was not starting, so there was no more web administration interface no Captive Portal.
I had to restore the following files from backup:
This is assuming that we are using the profile 2 and that the certificate installed is 4.
Do not mess manually with the certificates.
Even with no Apache and no Active Portal, the firewall filtering was active.