Sorry for the miss…
I’m running a nextcloud server listening on port 8443. I use a dynamic DNS from noip.com. Since I have DHCP setup, my ISP provider blocks me from using port 80 & 443. I use certbot client.
Let’s Encrypt requires ports 80/443 for it’s challenge - so you won’t be able to use certbot.
There is another way which allows you do obtain a certificate by adding the token into your DNS records as proof of ownership / control. The Bash and GO alternative clients support this, currently certbot doesn’t though.