We have a custom (i.e. branded) access URL and currently have a SSL cert from RapidSSL which will be expiring soon. We use SSL certificates from Let's Encrypt (letsencrypt.org) for all of our other SSL certificate needs, and use Certbot to install them with the option to auto-renew.
We would prefer to use the certificate from letsencrypt but it is my understanding that you may need to request the certificate on our behalf. Is that possible?