Mac OS X Server manages certificates in a unified manner between its various servers. So the procedure to add a certificate for the CardDAV server is the same as for the web server.
Here's a handy guide to automating certificate installation on Mac OS X Server.
Note that this guide requires using the Mac OS X Server web server in order to present the http-01 challenge file so Let's Encrypt can verify your ownership of the domain you request a certificate for. If you are unable or unwilling to use that, you would need to adjust the certbot commands in the guide to use standalone mode or DNS TXT authentication.