Then you won't be able to use the HTTP Challenge. The DNS Challenge or TLS-ALPN are options.
You should also look at the mod_md feature in Apache. It supports all 3 challenge types and you use that instead of Certbot. These are the 2.5 docs for Apache but it has been part of Apache since 2.4.30. A skilled Apache admin would probably even find this easier to use than Certbot. There is also a helpful github (link here)
Apache mod_md docs:
https://httpd.apache.org/docs/trunk/mod/mod_md.html