If your ISP doesn't block port 443 (HTTPS), you could try use the the "TLS-ALPN" challenge type. You will need to port forward port 443 first.
Certbot doesn't support it, but other clients like acme.sh do.
acme.sh --issue --alpn --pre-hook "service apache2 stop" --post-hook "service apache2 start" -d setzco.dyndns.org
The DNS challenge might be an option as well, but I have a hard time remembering whether dyndns/Oracle Dyn is supported by clients, and on what free/paid plans it is supported.