Verifying by email is not possible, the options are for your web server to serve a specified file under /.well-known/acme-challenge/ (http-01), responding with a self-signed cert for a specified name ending in .acme.invalid (tls-sni-01) or creating a DNS TXT record with specified content for the _acme-challenge. subdomain (dns-01).
While Certbot is quite heavy there are a number of lightweight clients that may be more suitable for your environment, GetSSL is a good choice as it can be run locally uploading the certs and challenge files with SSH. Alternatively if you want a fully manual solution there are web based clients such as ZeroSSL or Get HTTPS for free, just remember that certs only last for 90 days so manual renewal can get tedious.