// edit: @tialaramex's answer is correct, I misread your question.
That's not possible, for some prior discussion see:
Using the DNS-01 challenge type does not require any open ports and is currently your only option if you're unable to use port 80 (with HTTP-01) and 443 (with TLS-SNI-01). The validation is performed through a TXT record you need to add to your DNS.
You'll need one of the alternative clients with DNS-01 support, such as lego.