Catchall https with letsencrypt still possible?

I would assume that you can add a label to a container; you can at least add a label to a Docker service.

Traefik EE supports clustered Let's Encrypt; I think they use Consul for it.

You could also use a container behind Traefik for LE cert creation and to provide the certs, either as a file, via HTTP (proof of concept), or via Consul.