How about to try something like this:
ip=`dig +short myip.opendns.com @resolver1.opendns.com`
rev=`dig -x $ip | grep PTR | awk '{print $4}'`
if [ ! $rev == "" ]; then
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
/usr/local/src/certbot-auto certonly --agree-tos --renew-by-default -d $rev && cp -f /etc/letsencrypt/live/$rev/fullchain.pem /etc/pki/tls/certs/$rev.crt && cp -f /etc/letsencrypt/live/$rev/privkey.pem /etc/pki/tls/private/$rev.key && cp -f /etc/letsencrypt/live/$rev/chain.pem /etc/pki/tls/certs/$rev.bundle
else
standart cert creation from CWP
fi
If the IP of the user resolves to a domain (which is less likely to happen) the installer to create a green certificate for CWP:2031, if not - create standart CWP certificate.