I have a VPS machine hiding behind a proxy server as a DDOS protection. So my domains A records are pointing to the proxy server IP instead of my machine.
For this to work with LE I need to send the certificates files to the proxy server company which is fine so far. But since LE expires every 90 days, I should renew and send the files again every 90 days.
I would suggest asking them to create an API to upload them, or else writing a script to automatically send e-mail attachments to the company as a renewal hook (for example, if you’re using Certbot, you could run such a script with --deploy-hook).