Assistance with Let's Encrypt and Owned Domain Behind ASUS Router

I currently have a working HTTPS connection to Home Assistant via the DuckDNS addon with NGINX performing the SSL proxy. I have my own public domain name that I wish to use instead.

I can normally sort these things out on my own, but I am having the hardest time. I have a domain that was recently moved from Google Domains to Squarespace. Google Domains had the available API for the DNS challenge in Let’s Encrypt, but it does not appear that Squarespace does.

What I want to do is point a subdomain (sub.domain.net) to my HA installation which is on a private network behind an Asus router. I can’t use the HTTP challenge because I can’t forward port 80 to HA without losing access to the router GUI.

I can access my HA installation externally using an alternative port that is forwarded to 8123 internally, but I’m at a loss on how to get the secure SSL connection over HTTPS to function with a working cert.

I was thinking that maybe there was a way to use port triggering on the router to temporarily forward port 80 to HA for the HTTP challenge, but I’m not sure how to set that up.

Additionally, Squarespace provides a free SSL cert for my root domain (domain.net) but I don’t think I can access it for HA.