You could choose to put these OpenSSL commands in a script and then run that script as a --post-hook.
Using the DNS challenge is another, well, challenge. It depends on how you are going to make changes to your DNS zone, which depends on how your DNS is hosted. Certbot has historically not been very strong in this area, often requiring manual scripting, but recently one of the developers has added some improved support for DNS provider APIs which makes using Certbot with the DNS challenge more convenient in some cases. Still, the way to do it depends entirely on what you have to do to update your DNS records.
Thanks a lot for this answer.
Actually, the conversion problem is the least, for the moment.
I would like to request and export an certificate using the DNS challenge, interactively. The goal is not to automate the whole process.
I plan to make the changes and add the TXT records by hand, when requested by the wizard.