Let's Encrypt, DNS challenge, and scripting?

Cert Man stores all certificates in /etc/asterisk/keys (configurable in advanced settings) and the default cert in the /integration folder there. I haven’t tried this, but you could create a self-signed cert in certman, and then overwrite the files generated with your own files, so there would be a GUI entry you can use. You can also use the CLI to set the default cert, so every time you update the cert files externally, you would run fwconsole certificate --default=x to update the default cert files.

There are also these custom firewall rules that allow world access to the LE validation files, without allowing world access to anything else: Let's Encrypt Certificate renewals failing

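A deploy hook for the approach suggested above, as an added example that is not part of the original post and not FreePBX's own code: it overwrites the Cert Man files for one certificate and then runs the command quoted in the post. The `<name>.crt` / `<name>.key` file names, the function names, the `KEYS_DIR` and `FWCONSOLE` overrides, and the certificate id argument are assumptions; check them against your own /etc/asterisk/keys before use.

```shell
#!/bin/sh
# Added example: install an externally issued certificate (for instance from
# a DNS-challenge client) over the files Cert Man generated.
# Assumptions, not from the post: files are named <name>.crt and <name>.key,
# and the hook runs as a user allowed to write KEYS_DIR.

KEYS_DIR="${KEYS_DIR:-/etc/asterisk/keys}"   # directory named in the post
FWCONSOLE="${FWCONSOLE:-fwconsole}"          # overridable for dry runs

# Copy src to dest via a temp file in the same directory, so a reader of
# dest never sees a half-written file and the mode is set before any
# key material is written.
install_atomic() {
    src=$1; dest=$2; mode=$3
    tmp=$(mktemp "$dest.XXXXXX") || return 1
    if chmod "$mode" "$tmp" && cat "$src" > "$tmp" && mv -f "$tmp" "$dest"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# deploy_cert NAME CERT_FILE KEY_FILE CERT_ID
deploy_cert() {
    name=$1; cert=$2; key=$3; id=$4
    # Refuse empty or missing inputs rather than overwrite a working cert.
    if [ ! -s "$cert" ] || [ ! -s "$key" ]; then
        echo "deploy_cert: missing or empty cert/key" >&2
        return 1
    fi
    # Nothing changed since the last run: leave the files and the PBX alone.
    if cmp -s "$cert" "$KEYS_DIR/$name.crt" 2>/dev/null &&
       cmp -s "$key" "$KEYS_DIR/$name.key" 2>/dev/null; then
        return 0
    fi
    install_atomic "$key" "$KEYS_DIR/$name.key" 600 || return 1
    install_atomic "$cert" "$KEYS_DIR/$name.crt" 644 || return 1
    # Command form as quoted in the post; refreshes the default cert files.
    "$FWCONSOLE" certificate "--default=$id"
}
```

Call `deploy_cert` from the ACME client's post-renewal hook; the private key is written with mode 600 and is never world-readable, even briefly.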