Unfortunately (and fortunately), the answer is no and this will never be possible.
The LetsEncrypt certificates that you can easily obtain are always non-CA certificates. Deep packet inspection requires a CA (certificate authority) certificate. You'll notice this distinction when you see the way certificates are grouped in System / Certificates. The "Local Certificates" section contains certificates that can be only used to sign specific websites or services (e.g. SSL VPN). The "Remote CA Certificate" section contains certificates that can be used to sign/issue subordinate certificates, as Deep Packet Inspection does on the fly when it does man-in-the-middle on client HTTPS connections.
If it were that simple to obtain a free LetsEncrypt CA certificate that could be used to create certificates for any domain that are implicitly trusted by all devices I think you can imagine how this would completely undermine the entire certificate trust model. It would allow anyone upstream of you to do a man-in-the-middle attack on your traffic and you would not see any warnings (like the warnings you see on guest devices without the FortiGate CA certificate in their Trusted CAs). This power is restricted to just a few major 3rd parties (IdenTrust, DigiCert, Sectigo, etc.) and it's technically a good thing that it requires some effort to insert self-signed CA certificate on devices to disable these intentional warnings.
It's an admirable goal to do deep packet inspection on unmanaged guest devices, but it's never going to be as easy as on managed corporate devices.