So, you may have a range of options in this case.
① Contact your hosting provider's support and ask them to enable the feature in cPanel that supports Let's Encrypt. In that case you can do everything inside of cPanel without installing any additional software. Something like this is our preferred solution for most shared hosting.
② Use ssh to log in to the server and install some kind of client application on the command line. This will let you get a certificate in a file on your server account, and then you should be able to import that certificate using cPanel.
Using Certbot is possible for this, but it's not exactly what Certbot is optimized for. In another thread, there was a suggestion to consider using the acme.sh client instead because it has better cPanel installation support:
③ Use a web interface like https://www.zerossl.com/ and follow the steps that it prompts you to do. At the end, you'll get a certificate that you can save and then import into cPanel. This alternative is the simplest but doesn't provide any automation for renewal, so it would have to be repeated at least every three months.