Since you appear to be running both your client and DNS server on Windows, you might want to consider an using ACME client other than certbot especially since it will be dropping support for Windows in 2024.
I think most of the Windows clients can also interact with Windows DNS directly via Windows auth rather than using RFC2136.
If you're looking for another CLI option, I'm partial to Posh-ACME as the author. But win-acme is also popular. And if you'd rather have a more polished GUI, Certify Certificate Manager is a great choice.