Hi @andrewilley,
You may find Let's Encrypt inconvenient to use if you can't automate the certificate renewal process. Remember that our certificates only last for 90 days. Most people in your situation have used a web-based client like https://zerossl.com/ (which replicates something like the experience of using a conventional paid CA, but without requiring payment). However, they'll then have to repeat the process frequently.
The acme.sh client application has some API support for cPanel so if your hosting provider deliberately won't allow you to use the existing automated certificate support in cPanel, you might be able to use this method and still get automated renewal:
In that thread @Patches pointed to
which explains how to do this.