I used the webroot method of obtaining a certificate using certbot. To do that though you need to expose a directory which letsencrypt accesses to verify that you own a server. This request includes a location block to allow this with instructions for use. I thought it might be helpful for someone in the same situation, but don't know how much or how little information pleroma needs to give about how to use certbot.