Oh wow, this will make self-hosting so much easier! I have so far issued probably about 30 different API keys for my subdomain zones for services I host, which you then have to configure with ACME/Certbot. This reduces it to a simple DNS record change!
Oh... that's fantastic! It specifically addresses my concerns about needing DNS credentials accessible to scripts.
The article says it is for those who
> prefer to keep DNS updates and sensitive credentials out of their issuance path.
Oh wow, this will make self-hosting so much easier! I have so far issued probably about 30 different API keys for my subdomain zones for services I host, which you then have to configure with ACME/Certbot. This reduces it to a simple DNS record change!