That’s right. Let’s Encrypt is not allowed by industry rules to issue a certificate for this case.
You can use a self-signed certificate on your internal network and add an exception to trust it in each browser that you use to connect to this service. (Or you can use an internal CA, but that’s probably a lot more work for just one service.) If you don’t know how to make a self-signed certificate, https://zerossl.com/ has a tool available to do it in a web browser (alongside the tools for obtaining Let’s Encrypt certificates).