If your server isn’t publicly accessible then Let’s Encrypt can’t verify that the DNS name resolves. If it were possible for servers to get Let’s Encrypt certificates without first verifying this, then all kinds of mischief would be possible.
Even if you can bodge this to temporarily get access and issue a certificate, it will fail for renewals.
VPN can’t help you here.
You’re going to need to either:
- ask your university if they operate a Certificate Authority and can issue the server a certificate
- buy a certificate (if you have the right to do so for the DNS name)
- operate without SSL