Well, wildcard certificates need DNS validation. So that means the relevant questions are:
Who provides your DNS hosting?
Does acme.sh support automated updates of that provider's DNS records? The list of supported providers (and necessary credentials) is at: dnsapi · acmesh-official/acme.sh Wiki · GitHub
Does the OPNsense GUI support that DNS provider--will it let you enter the necessary credentials?
You say ionos is your "hosting provider", which may or may not be relevant. But if they are providing your DNS hosting, it appears acme.sh does support them: dnsapi · acmesh-official/acme.sh Wiki · GitHub
You'll need to get some API credentials from ionos, and then presumably there's a place in the OPNsense GUI to enter them. Problems or questions on that side of things are better directed to the OPNsense forum.
Where do I have to enter that stuff with export? On the shell of the OPNsense firewall?
Read Getting Started to learn how to create an API key. Export your credentials as environment variables:
You shouldn't have to enter those commands at all, but you will need to use these credentials. But in order to do that, OPNsense would need to support your DNS host, and it doesn't look like they do:
The underlying ACME client they use (acme.sh) supports it, but it doesn't look like they have it coded into their UI. You'll need to ask them about changing that.