Sorry man, I just added a up top to warn others. Been a couple of years since the last post!
You’ll need both to get it working properly. The Let’s Encrypt add-on has a DNS challenge option so you don’t have to open port 80 to get the cert.
You’ll have to set an automation to renew the certs; the add-on doesn’t do it automatically: