Can Let’s Encrypt verify a domain that has only a self-signed certificate?

Yes. Certbot does not care if your server is currently set up with only a self-signed SSL certificate: it will still read your /.well-known/ directory (unless access is denied), verify your ownership of the server, and issue a signed LE certificate for your domain. This feature is not very well documented or advertised by Let’s Encrypt, but they have publicly confirmed that it is by design and that they will continue to verify domains on self-signed certs, even if major browsers refuse to load those pages (e.g. “your connection is not private” errors).
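
A pre-flight check for the behaviour described above, added here as an example and not part of the original page: it writes a throwaway probe file under the webroot and fetches it back while ignoring certificate errors, so the "unless denied access" case shows up before you request a certificate. The function name, the probe file naming and the `.well-known/acme-challenge` subdirectory used for the probe are assumptions of this example, which is meant to run on the server itself.

```python
import os
import secrets
import ssl
import urllib.error
import urllib.request

# Assumed probe location: the challenge subdirectory of /.well-known/.
CHALLENGE_DIR = ".well-known/acme-challenge"


def challenge_path_reachable(base_url, webroot, timeout=5.0):
    """Write a random probe under webroot, fetch it via base_url, then delete it.

    Certificate errors are ignored on purpose, so a self-signed certificate on
    the server (or on an HTTPS redirect target) does not fail the check.
    Returns (ok, detail).
    """
    name = "probe-" + secrets.token_hex(8)
    body = secrets.token_hex(16)
    directory = os.path.join(webroot, CHALLENGE_DIR)
    os.makedirs(directory, exist_ok=True)
    path = os.path.join(directory, name)
    with open(path, "w") as fh:
        fh.write(body)

    # Verification is disabled for this probe only; do not reuse the context.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    opener = urllib.request.build_opener(urllib.request.HTTPSHandler(context=ctx))

    url = f"{base_url.rstrip('/')}/{CHALLENGE_DIR}/{name}"
    try:
        with opener.open(url, timeout=timeout) as resp:
            got = resp.read(256).decode("ascii", "replace").strip()
            return (got == body, f"HTTP {resp.status} from {resp.geturl()}")
    except urllib.error.HTTPError as exc:
        # 403/404 here means the directory is denied or not mapped to webroot.
        return (False, f"HTTP {exc.code} (path denied or not served)")
    except (urllib.error.URLError, OSError) as exc:
        return (False, f"unreachable: {exc}")
    finally:
        os.remove(path)
```

A `False` result with an HTTP 403 or 404 detail points at an access rule or a webroot mismatch rather than at the self-signed certificate.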

Last modified on December 23rd, 2020