Guideline for using acme.sh and reverse proxy

I am not able to use dietpi-letenscrypt tool for getting ssl certificate, instead of I have to use "acme.sh” ( https://github.com/acmesh-official/acme.sh/wiki/dnsapi ) the reason is I want dns validation (not http) for my domain with wild card & without opening any port on router.

Also if any expert advice me how I can make use of this wildcard domain with dietpi system & able to access my only these four apps via https requests (adguard.abc.xyz, homeassistant.abc.xyz, vaultwarden.abc.xyz, plex.abc.xyz) . I want to consume minimum resources as the dietpi continuing approach. I do not want to add docker or any heavy program for this task. Please any expert make guideline process for these requirement as in future many people can use this approach. Or instead of vaultwarden selfsigned certificate by default this mechanism can utilize for getting letenscrypt certificates.

I am able to install acme.sh and able to get wild card ssl certificate received for my domain. In my zerossl account i am able to see my wildcard domain certificate. please guide me now to divert via dietpi system.
plex.abc.xyz>192.168.1.90:32400
adguard.abc.xyz>192.168.1.90:8083
homeassistant.abc.xyz>192.168.1.74:8123
thanks in advance.

or minimum please guide me i can use https with my already obtained ssl certificates

https://home.abc.xyz:32400
https://home.abc.xyz:8083
https://home.abc.xyz:8123

partial certbot "set Redirect to ON " functionality
so that all http requests forcefully forward to https requests.