I have a DDNS name that I was planning to register with Let’s Encrypt (firstdomain.com). On my internal network I have a private DNS server with a non-registered domain (seconddomain.com) and I am running an internal web server off of seconddomain.com. Can I put seconddomain.com in the alternative names field when registering the certificate, or does it only allow subdomains from the firstdomain (e.g. foo.firstdomain.com, bar.firstdomain.com)?
Yes you can, but in your case you can't ;). I mean, yes, you can have a certificate issued by Let's Encrypt for several domains (domain1.com, sub.domain1.com, domain2.net, sub.domain2.net, etc.), no problem at all, BUT in your case the internal domain is neither registered nor publicly available, so there is no way from Let's Encrypt's side to validate it, so you can't include it.