Hmm, Let’s Encrypt will give you a certificate that is strong enough to pass handshake requirements. The cipher that is used after the handshake isn’t up to the certificate. That’s up to the server configured to use the certificate.
I disabled TLS v1.1 and weaker, then ran some random vulnerability checker and disabled all ciphers it said were insecure. I don’t remember which ciphers those were.
For my version, the allowed ciphers are just a block of text delimited by a colon(:). To disable a cipher, you put an exclamation mark in front like: !MD5
I looked around and this checker seems to work fine for custom ports using SSL/TLS directly.
https://www.htbridge.com/ssl/
It’s up to you how far you follow its advice, but if it complains a lot, consider it.