From what I’ve seen/read, the letsencrypt client has a built in webserver which is listening to the domein. It then polls the domein on the port the client is listening to. If it works, it’s your domain. (someone elses domain wouldn’t point to your server, you see?)