Close. You created the default config file for the domain you want a cert for, I assume (getssl -c domain.com). Unless you have any additional domain names you want on the same cert, you don't need to add anything to SANS.
Yes, if you're listening on a non-standard port for http - then you will need to use the DNS challenge.
You will need to uncomment the VALIDATE_VIA_DNS="true" but it's also expecting the DNS_ADD_COMMAND= and DNS_DEL_COMMAND= to be set (for automation). The easiest is to download and install somewhere the short script files https://github.com/srvrco/getssl/blob/master/dns_scripts/dns_add_manual and https://github.com/srvrco/getssl/blob/master/dns_scripts/dns_del_manual which you can then link to in the config. They simply print out on the screen what you need to do - then once done, and working, just press return to continue the process.
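
An added example, not part of the reply above and not code from getssl: a small shell check that the manually created `_acme-challenge` TXT record is actually being served before return is pressed. The function names are hypothetical, `dig` is assumed to be installed, and the name servers to query are supplied by the operator.

```shell
#!/bin/sh
# Added example (not from getssl): verify the DNS-01 TXT record by hand.
# Usage: check_challenge DOMAIN TOKEN [NAMESERVER...]

# normalize_txt: read `dig +short TXT` output on stdin (one record per line),
# join multi-string records ("a" "b" -> ab) and strip the surrounding quotes.
normalize_txt() {
    sed -e 's/" "//g' -e 's/^"//' -e 's/"$//'
}

# txt_has_token TOKEN: succeed only if one record on stdin equals TOKEN
# exactly. A stale record from an earlier attempt does not count as a match.
txt_has_token() {
    normalize_txt | grep -Fxq -- "$1"
}

# check_challenge: query every listed name server (or the system resolver if
# none is given) and fail if any of them does not yet serve the token.
check_challenge() {
    domain=$1; token=$2; shift 2
    name="_acme-challenge.${domain}"
    [ $# -gt 0 ] || set -- ""        # empty entry means "system resolver"
    rc=0
    for server in "$@"; do
        if dig +short TXT "$name" ${server:+"@$server"} | txt_has_token "$token"
        then
            echo "ok:      $name via ${server:-system resolver}"
        else
            echo "missing: $name via ${server:-system resolver}" >&2
            rc=1
        fi
    done
    return $rc
}
```

Passing the zone's authoritative name servers as the trailing arguments avoids a false "ok" or "missing" caused by a caching resolver.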