To be honest, Let’s Encrypt doesn’t always work for every situation, and this may be one of those.
A) Think about using DNS rather than TLS challenges
B) Consider the effort required to renew 200 certificates
C) Time and effort required to programmatically allow 200 authorizations.
Depending on your time frames, you may need to look at alternatives such as a wildcard certificate from a CA who can issue these.
Remember Tomcat is a Java application and requires the certs to be in the Java keystore, so every 90 days you will need to reimport the certificate and, I believe, restart Tomcat.
A wildcard certificate can be issued for up to 3 years meaning you will only need to import the certificate once.
I do understand this is a Let’s Encrypt forum, but I always believed in understanding strengths and weaknesses of various technologies and applying the correct solution to the problem at hand.
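
The 90-day keystore re-import mentioned in the post above can be scripted. This is an added example, not part of the original post: it rebuilds the keystore only when the certificate has actually changed. Assumptions: certbot-style file names (`fullchain.pem`, `privkey.pem`), a Tomcat connector pointed at a PKCS#12 keystore (a keystore type Java reads natively), the alias `tomcat`, and the keystore password supplied in the `KEYSTORE_PASS` environment variable so it does not appear in the process list.

```shell
#!/bin/sh
# Added example, not from the post. Assumed names: fullchain.pem / privkey.pem
# (certbot-style layout), alias "tomcat", password in $KEYSTORE_PASS.

# SHA-256 fingerprint of the first certificate in a PEM file.
pem_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# SHA-256 fingerprint of the leaf certificate inside a PKCS#12 keystore.
p12_fingerprint() {
    openssl pkcs12 -in "$1" -passin env:KEYSTORE_PASS -nokeys -clcerts 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# Rebuild the keystore only if the certificate on disk differs from the stored one.
# Returns 0 = rebuilt (Tomcat must pick up the new file), 1 = unchanged, 2 = error.
refresh_keystore() {
    live_dir=$1
    keystore=$2
    new_fp=$(pem_fingerprint "$live_dir/fullchain.pem")
    if [ -z "$new_fp" ]; then return 2; fi
    if [ -f "$keystore" ] && [ "$new_fp" = "$(p12_fingerprint "$keystore")" ]; then
        return 1
    fi
    tmp="$keystore.tmp.$$"
    # umask keeps the private-key-bearing file unreadable to other users;
    # write to a temp file and rename so Tomcat never sees a half-written keystore.
    if ( umask 077 && openssl pkcs12 -export -in "$live_dir/fullchain.pem" \
            -inkey "$live_dir/privkey.pem" -name tomcat \
            -passout env:KEYSTORE_PASS -out "$tmp" ) 2>/dev/null; then
        mv "$tmp" "$keystore"
    else
        rm -f "$tmp"
        return 2
    fi
}

# Run as: KEYSTORE_PASS=... ./refresh-keystore.sh <live_dir> <keystore.p12>
if [ "$#" -ge 2 ]; then
    refresh_keystore "$1" "$2"
fi
```

Called from the ACME client's post-renewal hook, exit status 0 marks the only runs on which Tomcat needs to pick up a new keystore.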