Let's Encrypt is a free, automated, and open certificate authority brought to you by the nonprofit Internet Security Research Group (ISRG). In short, it gives away SSL certificates, which web servers need in order to serve HTTPS instead of HTTP, for example.
If you’d like to obtain a wildcard certificate from Let’s Encrypt or run certbot on a machine other than your target webserver, you can use one of Certbot’s DNS plugins.
The plugins cover a number of DNS providers, plus a generic protocol (RFC 2136). If your DNS provider is not on the first list and doesn't support RFC 2136 either, you need to set up manual renewal of certificates. Keep in mind, though, that Let's Encrypt doesn't support HTTP validation for wildcard domains.
To do so, you first need to install certbot. Of the different ways to do it, the cleanest for this case is to use Docker (given that you're already using it and don't mind shutting down your web application service so that the Let's Encrypt Docker container can bind to ports 80 or 443). I'd prefer not to bring down the service for this purpose, even if it is just once every 2 months, because I feel that the automation of this process will be more difficult in the end. The option we have left is to install it with pip, but as we want a clean environment, it's better to use pipx:

    pipx install certbot