Traefik uses lego to handle ACME.
lego tries to be smart with the creation of the TXT record, so there is a system to find the best place (zone) to store this record by doing some SOA calls.
If you provide a resolver, even if it's a local DNS server, that be able to respond to the SOA calls, the problem will be solved.
I don't know how pfsense works, so I will not be able to help you with that part.