Not that I know of. But I don't know if it is necessary because Let's Encrypt would require someway to validate the domain name used. So, a self-signed certificate from certbot would be the same as the auto-generated self-signed certificate.
But let's say you have access to change the domain name records of example.com and had certbot installed.
pihole.toml instructs
Path to the TLS (SSL) certificate file. This option is only required when at least one of webserver.port is TLS. The file must be in PEM format, and it must have both, private key and certificate (the *.pem file created must contain a 'CERTIFICATE' section as well as a 'RSA PRIVATE KEY' section).
The *.pem file can be created using
cp server.crt server.pem
cat server.key >> server.pem
if you have these files instead
Possible values are:
<valid TLS certificate file (*.pem)>
cert = "/etc/pihole/tls.pem"
In your local terminal run:
certbot certonly --manual -d pihole.example.com --agree-tos --preferred-challenges dns-01
Follow the prompts and DNS challenge.
Certbot will then generate files at (check certbot output for paths):
/etc/letsencrypt/live/pihole.example.com/fullchain.pem
/etc/letsencrypt/live/pihole.example.com/privkey.pem
sudo cat /etc/letsencrypt/live/pihole.example.com/fullchain.pem
/etc/letsencrypt/live/pihole.example.com/privkey.pem > /etc/pihole/server.pem
Then, update pihole.toml at
sudo nano /etc/pihole/pihole.toml
replace domain = "pi.hole" with domain = "pihole.example.com"
replace cert="/etc/pihole/tls.pem" with cert = "/etc/pihole/server.pem"
sudo pihole restartdns
Next, find someway to locally resolve pihole.example.com to your local computer. One way is to add a local DNS record under settings for pihole.example.com to IP of your pihole.
Tada - browsing to pihole.example.com shows the happy lock!
(Because it is certonly and you have to concatenate, it won't automatically refresh, and you'll have to do this again every three months.)