Lets encrypt and Rancher

Quick question.
So in our set up we have rancher in a server and want to have it locked down. So in order to so, we create a fake domain in the server and we access the server from the internal DNS resolver. Let’s say that the domain is rancher.fakedomain.com. We have a load balancer that points to rancher and a public domain of app.realdomain.com. We want to provision future apps with let’s encrypt. Is it going to be a problem that the rancher instance its self is none existent? Or would we have to do self signed certs and then install cert-manager as an app in the cluster?