You do need a least an account with your DNS provider (and an API key). But seeing that you use certbot you should already have that.
You can use “third-party” ACME clients (like certbot or acme.sh) to create/renew certificates and deploy them to TrueNAS using the TrueNAS API. See this guide and script created by @dan for more information.
Personally, I am using the shell Authenticator option with a custom script for my DNS provider. I can share that script, but I don’t think you have the same DNS provider as me. Maintaining your own script probably doesn’t count as “low friction”.