ISPConfig makes it difficult to send an e-mail to be interpreted by the local server. All e-mail addresses are handled by the information in the database. In order to do this, you need to create an alias to an e-mail alias on localhost.
something "|/full/path/to/script parameter parameter"
newaliases ; service postfix reload
At this point, anything sent to something@localhost will be executed on the server by the command /full/path/to/script
ISPConfig3 has support for using Certbot with its web sites. However, it is more difficult to get the certbot to work with your mail/ftp/whatever, including the control panel. User ahrasis wrote a very nice article on this. Actually, he says it best, so I'll leave it up to him
https://www.howtoforge.com/tutorial/securing-ispconfig-3-with-a-free-lets-encrypt-ssl-certificate/