Then you won't be able to get a certificate. Let's Encrypt only issues certificates for public domain names.
You should use whichever method best matches your infrastructure. I'm using DNS validation with Cloudflare, but if you aren't using Cloudflare as your DNS host (and can't or don't want to switch), that won't work.
You enter it wherever is appropriate for the validation method you've chosen--there are dozens of possibilities depending on which one you've chosen.
The pfSense documentation itself (the link I gave in my first reply) is pretty good. Otherwise, googling for "pfsense acme package" comes up with a number of other guides.