Traefik Proxy on Docker Swarm Multiple Managers

You cannot use the regular Let's Encrypt challenge because there is no guarantee that requests from the Let's Encrypt server will hit the very same node (Traefik instance) which initiated the cert request. There will be multiple failures. This can be easily solved using the DNS challenge (Let's Encrypt validates the challenge with DNS records).

There is another "issue". Only one Traefik instance is aware of a certificate change. The others simply do not react to changes in the acme.json file and still serve the old certificate (or a self-signed one if there was none). You can restart all Traefik instances so that after the restart all certificates will be reread from the file, but this does not seem like a good solution in production, because restarting Traefik means downtime, and until the restart the info between Traefik instances is still not synchronized.

From what I know, Enterprise Edition solves this problem.

From what I know th

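Added example, not part of the original post or Traefik's own code: a check for the stale-certificate condition described above, which fingerprints the certificate each node serves and lists the nodes that differ from the one that renewed. It assumes Traefik's port is published in host mode so that each node IP reaches that node's own instance; the node names, IPs and hostname are hypothetical, and the sample data is constructed.

```python
import hashlib
import socket
import ssl
from collections import defaultdict


def fetch_leaf_der(node_ip, sni, port=443, timeout=5.0):
    """Return the DER-encoded leaf certificate one node serves for `sni`."""
    ctx = ssl.create_default_context()
    # Verification is off on purpose: a stale node may serve a self-signed
    # certificate, and we only want to fingerprint whatever it presents.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((node_ip, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=sni) as tls:
            return tls.getpeercert(binary_form=True)


def fingerprint(der):
    """SHA-256 fingerprint of a DER certificate, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def group_by_fingerprint(certs_by_node):
    """Map fingerprint -> sorted list of nodes serving that certificate."""
    groups = defaultdict(list)
    for node, der in certs_by_node.items():
        groups[fingerprint(der)].append(node)
    return {fp: sorted(nodes) for fp, nodes in groups.items()}


def stale_nodes(certs_by_node, reference_node):
    """Nodes whose served certificate differs from the reference node's."""
    ref = fingerprint(certs_by_node[reference_node])
    return sorted(n for n, der in certs_by_node.items() if fingerprint(der) != ref)


# Constructed sample: placeholder byte strings stand in for DER certificates.
SAMPLE = {
    "manager-1": b"renewed-cert",
    "manager-2": b"old-cert",
    "manager-3": b"renewed-cert",
}

if __name__ == "__main__":
    # Live use (hypothetical node IPs and hostname):
    # SAMPLE = {ip: fetch_leaf_der(ip, "app.example.com") for ip in ("10.0.0.11", "10.0.0.12")}
    print(group_by_fingerprint(SAMPLE))
    print("stale:", stale_nodes(SAMPLE, "manager-1"))
```

With ingress-mode (routing mesh) publishing, a connection to any node IP can land on any Traefik task, so the per-node comparison is only meaningful with host-mode ports or when run from inside each node.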