Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
You can always generate a certificate on a different device using the dns-01 challenge if you have access to the DNS zone of the domain for which you want the certificate.
However, as @JuergenAuer already said: if you have a certificate, what can you actually do with it?
As an aside, I really don't recommend holding/using that domain unless you work at cisco, and if you do work for cisco I think you should be able to find someone internally to fix that for you and you should log a ticket with support
Locked down appliances can still be proxied behind another server if required, the appliance itself doesn't have to directly handle internet facing requests.