Validation needs to be performed on either port 80 or 443, or via a special DNS record. The DNS method is called dns-01 and is supported by a number of clients like lego or any of the clients in the bash category.
Other ports would not sufficiently demonstrate domain ownership, while anyone in control of port 80 or 443 is (practically speaking) indistinguishable from the domain owner.