Let’s Encrypt does work with IDNs these days, but I am not sure which form you should type into a tool like Certbot to identify your domain. Because the two forms are just different ways of writing the same thing under the hood, I think it will be OK to just try one, and if that doesn’t work (error message) try the other. You should make sure you have a recent version of whatever Let’s Encrypt client (e.g. acme.sh or Certbot) you are using, as older clients are known to have problems with IDNs.
Internally all X.509 certificates for the Web PKI must use the ACE form you describe, because the encoding used inside the certificate does not support full Unicode. The client software (e.g. web browser) may convert back into a more human-readable form for display.
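As an added illustration (not part of the original post, and not code from Certbot or acme.sh), the sketch below converts a name typed in either form to the ACE form and checks it against the dNSName entries of a certificate. The function names and the `bücher.example` sample are constructed for the example; Python's built-in `idna` codec implements the older IDNA 2003 rules, which differ from IDNA 2008 for a small number of characters.

```python
import re

# One DNS label in ASCII letter-digit-hyphen form, 1 to 63 characters.
_LDH = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")


def to_ace(name: str) -> str:
    """Return the ACE (xn--) form of a hostname given in either form."""
    out = []
    for label in name.rstrip(".").lower().split("."):
        # ASCII labels (including existing xn-- labels) pass through unchanged;
        # non-ASCII labels are Punycode-encoded and prefixed with xn--.
        ace = label.encode("idna").decode("ascii")
        if not _LDH.match(ace):
            raise ValueError(f"not a valid hostname label: {label!r}")
        out.append(ace)
    return ".".join(out)


def to_unicode(name: str) -> str:
    """Return the human-readable form, as a browser might display it."""
    return to_ace(name).encode("ascii").decode("idna")


def san_covers(requested: str, san_dns_names: list[str]) -> bool:
    """Exact-match a requested name against a certificate's dNSName entries.

    The entries are compared in ACE form because that is how the certificate
    stores them. Wildcard matching is deliberately left out.
    """
    wanted = to_ace(requested)
    return any(wanted == san.lower() for san in san_dns_names)


if __name__ == "__main__":
    # Constructed sample: SAN dNSName values as they would appear in a cert.
    sans = ["xn--bcher-kva.example", "www.xn--bcher-kva.example"]
    for typed in ("bücher.example", "xn--bcher-kva.example"):
        print(typed, "->", to_ace(typed), "| in cert:", san_covers(typed, sans))
    print(to_unicode("xn--bcher-kva.example"))
```

Both spellings resolve to the same ACE string, so when inspecting an issued certificate the name to look for in the SAN list is the `xn--` form.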