If it is the same server and the vhosts are “otherwise identical”…
If the two names provide the same content, you could just use the one single name and one single vhost config with one single cert.
That will require outsmarting the internal systems that want to reach the outside IP.
For that you can use split DNS.
[where the Internet resolves the name to one IP, while your internal systems resolve the same name to another (internal) IP].
A NAT trick called “hair pinning”.
[where the outbound NAT router hides your “outbound” connection to that “outside IP” but actually also translates the destination IP and forwards the connection to the “inside IP” of the server (never reaching the Internet - never leaving you local network).
But to answer your question…:
That depends entirely on what you mean by “private name”.
If you mean NOT even close to a real domain (like: server.internal-zone), then that won’t be possible using LE as your CA. [and probably not from any other CA either]
If you mean that the name is NOT resolvable via Internet DNS but it is in a real domain format of a domain you control (like: internal-server.myreal.zone), then you could get a cert for it.
[but you will have to use DNS authentication - HTTP auth will fail as there is no Internet HTTP site reachable]