Confused about TLS-ALPN-01 Authorization Type for Certbot

As a side note, for security reasons, DNS-01 is best implemented by delegating the _acme-challenge DNS record onto a secondary DNS server. The acme-dns project (GitHub: joohoi/acme-dns, a limited DNS server with a RESTful HTTP API to handle ACME DNS challenges easily and securely) was designed to support this.

I believe acme.sh also supports TLS-ALPN-01.

4 Likes
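
The delegation described in the first post, as an added example that is not part of the original thread: a small Python audit that follows CNAMEs from each _acme-challenge name and reports whether DNS-01 validation lands in the delegated zone or still needs TXT updates in the primary zone. The zone names, records and function names are constructed for illustration.

```python
# Added example: audit zone data for _acme-challenge delegation.
# Every name below is a constructed placeholder, not real infrastructure.
PRIMARY_ZONE = "example.com."
DELEGATED_ZONE = "acme-dns.example.net."  # assumed zone served by the secondary DNS server

# Constructed records: (owner name, type, value)
RECORDS = [
    ("_acme-challenge.www.example.com.", "CNAME", "d420c923.acme-dns.example.net."),
    ("_acme-challenge.mail.example.com.", "TXT", "constructed-token"),
    ("_acme-challenge.loop.example.com.", "CNAME", "_acme-challenge.loop.example.com."),
]


def in_zone(name, zone):
    """True if name is the zone apex or a subdomain of it (case-insensitive)."""
    name, zone = name.lower(), zone.lower()
    return name == zone or name.endswith("." + zone)


def resolve_challenge_name(host, records, max_hops=8):
    """Follow CNAMEs from _acme-challenge.<host>; None means a loop or overlong chain."""
    cnames = {n.lower(): v.lower() for n, t, v in records if t == "CNAME"}
    name = "_acme-challenge." + host.lower()
    for _ in range(max_hops):
        if name not in cnames:
            return name  # this is where the validation TXT record must be published
        name = cnames[name]
    return None


def audit(host, records=RECORDS):
    """Classify where the ACME client needs DNS write access for this host."""
    final = resolve_challenge_name(host, records)
    if final is None:
        return "broken"
    if in_zone(final, DELEGATED_ZONE):
        return "delegated"  # client only needs credentials for the delegated zone
    if in_zone(final, PRIMARY_ZONE):
        return "primary"    # client needs update rights in the primary zone itself
    return "other"


if __name__ == "__main__":
    for h in ("www.example.com.", "mail.example.com.", "loop.example.com."):
        print(h, audit(h))
```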