Add ACME profile support for IP address certificates

Auto-select `shortlived` profile for Let's Encrypt when domain list
contains IP addresses. Expose `profile` option to allow manual override
for custom CA servers.

docs/configuration/shared/certificate-provider/acme.md

@@ -6,6 +6,7 @@ icon: material/new-box
 
     :material-plus: [account_key](#account_key)  
     :material-plus: [key_type](#key_type)  
+    :material-plus: [profile](#profile)  
     :material-plus: [detour](#detour)
 
 # ACME
@@ -37,6 +38,7 @@ icon: material/new-box
   },
   "dns01_challenge": {},
   "key_type": "",
+  "profile": "",
   "detour": ""
 }
 ```
@@ -141,6 +143,16 @@ The private key type to generate for new certificates.
 | `rsa2048`  | RSA     |
 | `rsa4096`  | RSA     |
 
+#### profile
+
+!!! question "Since sing-box 1.14.0"
+
+The ACME profile name to use for certificate orders.
+
+See [ACME Profiles](https://datatracker.ietf.org/doc/draft-aaron-acme-profiles/) for details.
+
+When using Let's Encrypt with IP address identifiers, the `shortlived` profile is automatically selected if not set.
+
 #### detour
 
 !!! question "Since sing-box 1.14.0"

docs/configuration/shared/certificate-provider/acme.zh.md

@@ -6,6 +6,7 @@ icon: material/new-box
 
     :material-plus: [account_key](#account_key)  
     :material-plus: [key_type](#key_type)  
+    :material-plus: [profile](#profile)  
     :material-plus: [detour](#detour)
 
 # ACME
@@ -37,6 +38,7 @@ icon: material/new-box
   },
   "dns01_challenge": {},
   "key_type": "",
+  "profile": "",
   "detour": ""
 }
 ```
@@ -136,6 +138,16 @@ ACME DNS01 质询字段。如果配置，将禁用其他质询方法。
 | `rsa2048` | RSA     |
 | `rsa4096` | RSA     |
 
+#### profile
+
+!!! question "自 sing-box 1.14.0 起"
+
+用于证书订单的 ACME 配置文件名称。
+
+参阅 [ACME Profiles](https://datatracker.ietf.org/doc/draft-aaron-acme-profiles/)。
+
+当使用 Let's Encrypt 且包含 IP 地址标识符时，如果未设置，将自动选择 `shortlived` 配置文件。
+
 #### detour
 
 !!! question "自 sing-box 1.14.0 起"