Let’s Encrypt requires ports 80/443 for it’s challenge - so you won’t be able to use certbot.
There is another way which allows you do obtain a certificate by adding the token into your DNS records as proof of ownership / control. The Bash and GO alternative clients support this, currently certbot doesn’t though.