Switch from custom TLS to Okta managed certificates

Hi,
I have setup a custom domain with a self manaegd TLS certificate. Now I have figured out that Okta supports managed Let’s encrypt certificates and I would like to switch my custom domain to the Okta’s managed certificate.

Is there any best practice how to do that without any outage of my custom domain?
Once a certificate is setup, I cannot get a values for TXT DNS records so I cannot set them in advance before I click “remove domain” and cancel a currently working domain with self managed TLS.

Thanks for any advice,
Jiri