I think it has gotten a little bit embarrassing that we have had to refer users to other ACME clients in order to successfully use DNS validation, due to the limitations of certbot-auto’s packaging.
I’ve written a guide for those who wish to use certbot-auto with DNS renewal, using Lexicon for the authentication part.
The blog post is here:
As an aside, I think the Certbot docs really need to document a single successful path to use DNS validation - at the moment it is a bit hard to read between the lines/base it off the Cloudflare example.
Hopefully assisted-dns-01 lands some day and saves all this pain anyway