Certbot with joker.com DNS and multiple domains (possible work-around)

Originally, I came to this forum to solve my problem. This is what I found, so I am hoping others might benefit from this possible work-around.

The Joker FAQ details support for LE using certbot (joker.com/faq/books/jokercom-faq-en/page/lets-encrypt-ssl-certificates), but the solution is antiquated, as the certbot authenticator plugin for Joker provided by dhull on GitHub does not support multiple domains (see Issue #3 at github.com/dhull/certbot-dns-joker/issues/3, which details the underlying root problem). Fortunately, edegaudenzi's fork of certbot-dns-joker repairs this limitation of the original plugin (available at github.com/edegaudenzi/certbot-dns-joker).

The current limitation of this solution is that certbot-dns-joker must be installed manually, as pip installs the failing version of this plugin. The steps I used to test this updated plugin are shown in Issue #3, discussed above. For me, I only have one domain (and a +1 for the wildcard); this plugin correctly adds 2 TXT records using the Joker endpoint API:


$ nslookup
> set type=TXT
> _acme-challenge.mydomain.com
Server: 172.16.1.1
Address: 172.16.1.1#53

Non-authoritative answer:
_acme-challenge.mydomain.com text = "4mCtahUcNTwGFKH-flWoQbLcafDqcWUJ0Y6ODXjC19o"
_acme-challenge.mydomain.com text = "uxgbTJgYHQGufwaGvbzEaRafZUytTRKVIEn9z35cCmc"

Authoritative answers can be found from:

HTH

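The reason two TXT records matter is that mydomain.com and *.mydomain.com both validate against the same name, _acme-challenge.mydomain.com, so an authenticator that replaces the TXT record instead of adding one leaves only the last token in place and one of the two authorizations fails. The following is an added example, not part of the original post and not the plugin's own code: a POSIX shell check that a challenge name carries every expected token at once, usable before letting the ACME server validate. It assumes that dig is installed and that dig +short TXT prints one quoted string per line; the sample records are constructed from the two tokens in the nslookup output above, and the resolver address, retry count and the function names are my own choices.

```shell
#!/bin/sh
# Added example: verify that a shared _acme-challenge name carries every
# expected DNS-01 token, so a plugin that overwrites instead of adds is
# caught before the ACME server tries to validate.

# Constructed sample: dig +short TXT output after a plugin that adds records
# (tokens taken from the nslookup output in the post above).
SAMPLE_ADDED='"4mCtahUcNTwGFKH-flWoQbLcafDqcWUJ0Y6ODXjC19o"
"uxgbTJgYHQGufwaGvbzEaRafZUytTRKVIEn9z35cCmc"'

# Constructed sample: the same name after a plugin that overwrote the record,
# so only the second authorization's token survives.
SAMPLE_OVERWRITTEN='"uxgbTJgYHQGufwaGvbzEaRafZUytTRKVIEn9z35cCmc"'

# tokens_present RECORDS TOKEN... : succeed only if every TOKEN appears as a
# complete quoted TXT string in RECORDS (one string per line, dig +short style).
tokens_present() {
    records=$1
    shift
    for tok in "$@"; do
        printf '%s\n' "$records" | grep -qxF "\"$tok\"" || return 1
    done
    return 0
}

# missing_tokens RECORDS TOKEN... : print the tokens that are not present.
missing_tokens() {
    records=$1
    shift
    for tok in "$@"; do
        printf '%s\n' "$records" | grep -qxF "\"$tok\"" || printf '%s\n' "$tok"
    done
}

# query_txt NAME RESOLVER : live lookup against a specific resolver
# (assumption: dig is available on the host).
query_txt() {
    dig +short TXT "$1" "@$2"
}

# wait_for_tokens NAME RESOLVER TRIES TOKEN... : poll a public resolver until
# every token is visible, so validation is not attempted before propagation.
wait_for_tokens() {
    name=$1
    resolver=$2
    tries=$3
    shift 3
    while [ "$tries" -gt 0 ]; do
        if tokens_present "$(query_txt "$name" "$resolver")" "$@"; then
            return 0
        fi
        tries=$((tries - 1))
        sleep 10
    done
    echo "still missing at $name via $resolver:" >&2
    missing_tokens "$(query_txt "$name" "$resolver")" "$@" >&2
    return 1
}
```

Source the file and call wait_for_tokens _acme-challenge.mydomain.com 1.1.1.1 12 TOKEN1 TOKEN2 after the authenticator has placed its records; a non-zero exit with the missing token on stderr is the overwrite symptom that Issue #3 describes, and a zero exit means both records are visible from outside your own resolver.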

Glad you found your answer.

Other options would be to use a different ACME Client that supports Joker DNS directly.

The lego client (Lego :: Let's Encrypt client and ACME library written in Go) has support for Joker built-in, as does the acme.sh client found on GitHub.

Certbot can use the lego DNS support with the 3rd party dns-multi option, although, personally, I think it's easier to just use lego directly. See: User Guide — Certbot 5.3.0.dev0 documentation


Thank you for the info. I started with acme.sh and migrated to certbot soon after, and I have been certbot-myopic since. I will definitely check it out (lego).

I went down this path after reading about DNS-PERSIST-01, and I wanted to be at the "latest-n-greatest" so I could take advantage of this when this new feature comes alive.

For recent major features, lego has gotten them well before Certbot. For example, it had ARI support maybe a year or more before Certbot (I didn't look up exact dates). Lego also already supports IP addresses in the cert, even though Let's Encrypt has not released that to the public yet (just g/a on Staging), but it will be available soon.

If you prefer Certbot and are not a pip wizard, you could look at its dns-multi. That uses the snap install for Certbot, so it may be easier to stay current.

That said, dns-persist looks to me like it uses a one-time manual change to the DNS, so these dynamic TXT records at each renewal won't be needed. In case you hadn't seen it, there was some info in this blog post (ignore the title): Decreasing Certificate Lifetimes to 45 Days - Let's Encrypt


It was exactly that blog post that got me going down this path in the last 24 hours!
