Solved it myself. The solution was to use the DNS-01 Challenge with certbot.
With this approach you need to create a TXT Record for the domain you want to secure and add a key that you get from certbot as a value for the TXT Record. Certbot then validates your domain ownership by reading the key from the TXT Record. This is how it worked:
First I ran this command:
sudo certbot -d mysubdomain.mydomain.com --manual --preferred-challenges dns certonly
which returns a subdomain that looks like this: _acme-challenge.mysubdomain and a key that looks like this: M7MsmY-YywYddXfAVwaKje...
Then I created a TXT Record for mydomain.com with these values:
Type: TXT Record
Host: _acme-challenge.mysubdomain
Value: M7MsmY-YywYje...
I used the web interface of my domain registrar to create the TXT Record.
It took some time for TXT record to become publicly available. I used this command on my laptop to check if the TXT Record was ready:
dig -t txt _acme-challenge.mysubdomain.mydomain.com +short
It's ready as soon as it returns the key. When it's ready you can go back to the certbot terminal window and hit ENTER to start the validation process.
If everything works out certbot saves the certificate/privatekey under:
/etc/letsencrypt/live/mysubdomain.mydomain.com/
You can create a secure route with the new certifacate/privatekey like this:
sudo oc create route edge my-route-name \
--service=my-service \
--cert=/etc/letsencrypt/live/mysubdomain.mydomain.com/fullchain.pem \
--key=/etc/letsencrypt/live/mysubdomain.mydomain.com/privkey.pem \
--hostname=mysubdomain.mydomain.com \
--insecure-policy=Redirect -n my-project
