You must have traffic on ports 80 and 443 reach Caddy if you want to solve ACME HTTP and/or TLS-ALPN challenges.
Your alternative is to use the ACME DNS challenge, but that involves building Caddy with a plugin (pretty easy to do though) and connecting it to your DNS provider.
Really though, the easiest solution is to move away whatever you have running on those ports to another port, then use Caddy to proxy to it whatever was using 80 and 443 instead.
Also, I strongly recommend using subdomains for each of your services, not subpaths.
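Putting the advice above into a concrete configuration, here is an added example Caddyfile that is not part of the original post. It assumes two services that were moved off ports 80 and 443 onto localhost ports 8080 and 8081 (both hostnames, backend ports, and the Cloudflare DNS-plugin section are assumptions for illustration; the DNS block only works in a Caddy binary built with that plugin, e.g. via `xcaddy build --with github.com/caddy-dns/cloudflare`).

```caddyfile
# Added example, not from the original post. Hostnames and backend ports are
# placeholders: each service has been moved off 80/443 so Caddy can own those
# ports, answer the ACME HTTP/TLS-ALPN challenges itself, and proxy inward.

# One subdomain per service (rather than subpaths): each site gets its own
# certificate and its own cookie/origin scope.
app.example.com {
	reverse_proxy localhost:8080
}

git.example.com {
	reverse_proxy localhost:8081
}

# Optional alternative for a host where 80/443 cannot be exposed: the ACME DNS
# challenge. Requires a Caddy build that includes the DNS provider plugin; the
# API token is read from the environment rather than written into the file.
internal.example.com {
	tls {
		dns cloudflare {env.CLOUDFLARE_API_TOKEN}
	}
	reverse_proxy localhost:8082
}
```

With the first two site blocks, Caddy listens on 80 and 443, redirects plain HTTP to HTTPS by default, and completes the HTTP or TLS-ALPN challenge on those ports without any extra configuration; the backends only ever see traffic from the local proxy. The third block shows the DNS-challenge route the post mentions, which is the only one of the three that works when ports 80 and 443 are not reachable from the internet.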