diff --git a/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/forms/dialogCertificate.xml b/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/forms/dialogCertificate.xml
index 703b67d98..4c05f7706 100644
--- a/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/forms/dialogCertificate.xml
+++ b/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/forms/dialogCertificate.xml
@@ -78,6 +78,12 @@
checkbox
Generate and add OCSP Must Staple extension to the certificate. When this option is enabled and issueance/renewal requests fail, then this extension is probably not supported by the CA.
+
+ certificate.profile
+
+ text
+
+
header
diff --git a/security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/LeCertificate.php b/security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/LeCertificate.php
index e45f92ded..0faf0cdf0 100644
--- a/security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/LeCertificate.php
+++ b/security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/LeCertificate.php
@@ -648,6 +648,9 @@ class LeCertificate extends LeCommon
$val->setRenewal((int)$renewInterval);
$val->setForce($this->force);
$val->setOcsp((string)$this->config->ocsp == 1 ? true : false);
+ if (!empty((string)$this->config->profile)) {
+ $val->setProfile((string)$this->config->profile);
+ }
// strip prefix from key value
$val->setKey(substr($this->config->keyLength, 4));
$val->prepare();
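Review bot: `!empty((string)$this->config->profile)` on the added lines also skips a profile whose name is the string "0", because PHP's `empty()` treats `'0'` as empty, while the pattern added in AcmeClient.xml accepts that value. Comparing against the empty string keeps the intent without the edge case: `if ((string)$this->config->profile !== '') {`. The enclosing method starts and ends outside this hunk, so how `$val` is used afterwards is not visible here.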
diff --git a/security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/LeValidation/Base.php b/security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/LeValidation/Base.php
index 6163abadd..db814ef19 100644
--- a/security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/LeValidation/Base.php
+++ b/security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/LeValidation/Base.php
@@ -280,6 +280,15 @@ abstract class Base extends \OPNsense\AcmeClient\LeCommon
$this->acme_args[] = $ocsp == true ? '--ocsp' : null;
}
+ /**
+ * set certificate profile
+ * @param $profile string profile name
+ */
+ public function setProfile(string $profile)
+ {
+ $this->acme_args[] = LeUtils::execSafe('--cert-profile %s', $profile);
+ }
+
/**
* set renewal interval
* @param $interval int specifies the renewal interval in days
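Review bot: `setProfile()` is where a GUI-supplied string becomes part of the acme.sh argument list, and the docblock does not say what protects that boundary. The quoting depends entirely on `LeUtils::execSafe`, which is not visible in this hunk, so confirm that it shell-escapes the `%s` value and say so in the docblock, e.g. `* @param $profile string profile name, shell-escaped by LeUtils::execSafe before being appended`. The method also accepts an empty string and would presumably append the option with an empty value. An early `if ($profile === '') { return; }` would make it safe independently of the caller's check in LeCertificate.php.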
diff --git a/security/acme-client/src/opnsense/mvc/app/models/OPNsense/AcmeClient/AcmeClient.xml b/security/acme-client/src/opnsense/mvc/app/models/OPNsense/AcmeClient/AcmeClient.xml
index f8ad82cec..97d4be717 100644
--- a/security/acme-client/src/opnsense/mvc/app/models/OPNsense/AcmeClient/AcmeClient.xml
+++ b/security/acme-client/src/opnsense/mvc/app/models/OPNsense/AcmeClient/AcmeClient.xml
@@ -260,6 +260,11 @@
0
N
+
+ N
+ /^.{1,255}$/u
+ Should be a string between 1 and 255 characters.
+
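Review bot: The added pattern `/^.{1,255}$/u` constrains only the length, so spaces, quotes and shell metacharacters are all accepted for a value that `Base::setProfile()` later places on the acme.sh command line. `$` without the `D` modifier also lets a trailing newline through. The escaping in `setProfile()` presumably covers this, but the model is the cheaper place to reject such input. If the profile names offered by the CAs in use are simple tokens, a narrower pattern such as `/^[a-zA-Z0-9._\-]{1,255}\z/`, with the validation message updated to match, would add defense in depth.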