I wonder whether you can add options for using port 80 or 443 in your software, just like the plugin “Standalone”:
To obtain a cert using a “standalone” webserver, you can use the standalone plugin by including certonly and --standalone on the command line. This plugin needs to bind to port 80 or 443 in order to perform domain validation, so you may need to stop your existing webserver. To control which port the plugin uses, include one of the options shown below on the command line.
–standalone-supported-challenges http-01 to use port 80
–standalone-supported-challenges tls-sni-01 to use port 443
so that the web servers with blocked port 80 can receive certs through port 443.