It's obvious that commit broke dns-lexicon, but I don't see any checks next to that commit in the commit history. Some commits do have successful checks, some commits have broken checks, but are still committed.. Doesn't really look like a fool-proof system if you'd ask me.
FWIW, I just want to warn people this will likely continue to break and this install method (macports) is not officially supported - so you should keep an eye out with tests on your system to catch future breakage.
TLDR: The distro/macport ports are all ports/patches of the official certbot (and other package) source and are often designed to pick up other ports from the system first. the breaking packages could be installed from the distro package manager, or from the pypi/pip package manager (or even vendored); and could be installed into a user space, shared system space, or even vendored into the package. The Certbot devs have been pushing towards the snap installation method, in part, because that creates a nice and easily maintained sandboxed environment where the requirements can all be nicely managed. Currently Certbot supports Homebrew over Macports - at least for directions - but I don't know how long that will be for. Their team does not seem to want to support anything other than snapd, ASAP.
I often use a pip installed Certbot for local use of DNS-01 challenges. For my local usage pattern, and Python skill level, I'm not worried about potential breaks. If my usage pattern involved anything automated, I would absolutely have CI tests covering a build and a dry-run against staging of certbot and the necessary plugins.