First, install certbot from its GitHub repository.
Next, run this command in the certbot folder:
./certbot-auto certonly --manual --preferred-challenges dns-01 --email firstname.lastname@example.org --server https://acme-v02.api.letsencrypt.org/directory --agree-tos --manual-public-ip-logging-ok -d domain.com -d '*.domain.com' -d '*.sub.domain.com'
Replace the email address and the domain names with your own.
Be careful with multilevel subdomains: a wildcard covers only one level, so you need a wildcard for each level, as in the example command.
Certbot will then prompt you to manually update the DNS record of each given domain.
And it works!
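
As an added example (not part of the original instructions or of certbot itself), the shell functions below show why each level needs its own wildcard and which TXT record name the dns-01 challenge checks for each -d name. The function names are hypothetical and the hostnames are constructed samples.

```shell
#!/bin/sh
# Added example: helper functions, not certbot code.

# covers SAN HOST: succeed if certificate name SAN is valid for HOST.
# A wildcard stands for exactly one leftmost label, never several.
covers() {
    san=$1 host=$2
    case $san in
        \*.*)
            parent=${san#\*.}
            left=${host%".$parent"}
            # HOST must end in ".parent" and what is left must be a single label.
            [ "$left" != "$host" ] && [ -n "$left" ] &&
                case $left in *.*) false ;; esac
            ;;
        *) [ "$san" = "$host" ] ;;
    esac
}

# wildcard_for HOST: the wildcard name whose single label matches HOST.
wildcard_for() {
    printf '*.%s\n' "${1#*.}"
}

# wildcards_needed HOST...: unique wildcard names to pass to certbot with -d.
wildcards_needed() {
    for h in "$@"; do wildcard_for "$h"; done | LC_ALL=C sort -u
}

# challenge_record NAME: DNS name of the TXT record checked by dns-01 for NAME.
# The "*." of a wildcard is dropped, so domain.com and *.domain.com are both
# validated at _acme-challenge.domain.com (one TXT value per name).
challenge_record() {
    printf '_acme-challenge.%s\n' "${1#\*.}"
}

# Constructed sample hosts: print each -d name with its TXT record name.
wildcards_needed www.domain.com mail.domain.com api.sub.domain.com |
while read -r name; do
    printf '%s\n' "-d '$name'  ->  TXT at $(challenge_record "$name")"
done
```

Keep the wildcard names quoted when you pass them to certbot, otherwise the shell may expand them against file names in the current directory.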