It’s all in the HA docs:
If you don’t want to open ports on your router you could also use Cloudflared instead of LE