I have only ever used the certificate manager in pfSense with aliases. It is built on acme.sh. Even if you choose another ACME client, their wiki entry may help you with the concept and structure.
If you choose acme.sh, note that you need to update the configured CA to use Let's Encrypt. They switched their default CA to ZeroSSL in August 2021.