I have a self-signed cert and valid domain where I can access. This web app is run as a service in in a shell access ubuntu server at 8080 port. I tried to follow certbot's webpage steps in order to convert this web completely secure (validate self-signed cert I have) but, a problem happened:
Your self signed certificate is your self signed certificate. You can get another one from Let's Encrypt (using the same private key, eventually, but you should have no reason to want this), but it will be another certificate.
Your validation probably fails because you cannot validate on port 8080. Http validation only works on port 80.
After you validate, what port you run your service on is entirely up to you.
If your service is running on another port and your port 80 is free, you can use the standalone plugin to spawn a bespoke webserver that will do the validation and then die.
(And you can specify the port on which it listens, but the verification bots will only connect on 80)
The use of these selected ports is mandated by the CA/Browser Forum Baseline Requirements. Only a few ports are allowed, of which Let's Encrypt offers port 80 (http-01 challenge), port 443 (tls-alpn-01 challenge) and port 53 (dns-01 challenge).