Set up a website with the same host name as the access server, then run certbot to acquire set up the certificate.
Go to /etc/letsencrypt/live/<hostname>/ and get the fullchain.pem, cert.pem, and privkey.pem files. (Copy them into your home folder and then download them to your PC using an SFTP client, for example)
Then enter the Access Server admin panel, go to Configuration/Web Server and select the certificate files as follows.
Click Validate and make sure the Validation Results/Hostname section says Successful Match. Then click Save at the bottom of the page.