Acme-dns is a self-hosted limited DNS server, designed to act as a proxy for DNS challenge validation in order to get the benefits of the automation and not being forced to save DNS zone credentials locally on every server that needs to automate this.
To simplify the process from the client perspective, I just pushed a Certbot validation hook that can be used on the client side. It automatically registers an acme-dns account and prompts user to point the CNAME record towards it. These credentials only allow modification of a single TXT record, and hence are safe to store on the server. So on the initial run the account is created and credentials are stored for automated non-interactive renewals when the certificates near the end of the validity period.
To make it short, it’s like manual validation, but the DNS records have to be modified only once, on the initial run, everything after that is automatic and no zone credentials get stored on the server.
The Certbot client hook can be found at https://github.com/joohoi/acme-dns-certbot