Hi @pradeipk, and welcome to the LE community forum.
The first step is to choose an ACME client that works within your environment.
To that end:
If Internet HTTP [port 80] requests can't reach [nor can be made to reach] your Windows system, then you may be limited to DNS-01 authentication.
[hopefully HTTP can be made to reach it]
If so, you can use any Windows ACME client and run it in standalone mode to obtain the cert locally.
If not, and seeing as the domain is what it is, you may run into a bit of trouble trying to add TXT records in that DNS zone to validate the DNS-01 challenge.
The (first) first step (to complete certificate automation) is to ensure that the HTTP challenge requests can reach your server.
Acquiring a certificate and using it are two different things. You can use a domain validated certificate for anything with a fully qualified domain name (e.g. opcua.yourdomain.com); it doesn't have to be a website or a web server. Your service will have instructions on how to apply the certificate once you have it.
For ACME (Let's Encrypt) certificates, you will likely need to use DNS validation to order your certificate, as your host name will not correspond to a public web server.