I had run --manual and several help commands and read the docs of those letsencypt-auto/certbot-auto (old) clients that were installed in our hosts (after I got this task to make SSL-certs to our servers that were moved behind NAT-firewalls three days ago) and they did not have anything about DNS-veriification, also the advice given by @ahaw01 who actully answered this question had it written in incorrect format, which I actually corrected after finding out the arg/options that should be used.
Of course many things could have been searched and could have been done, but after having done a lot of search and experiments with those clients that we had and reading about in these forums that documentation is somwehat sparse on how to use DNS-based verification I decided to asked. And I was actully given an anwer that lead me to correct path and now we have the solution which you can see above.
Instead of you @Osiris OT commenting/complaining about how we found out the commands, you could have provided the correct format and arguments as an answer to the Q that was asked, which was more about the defails of the whole procedure to achieve DNS-based verificatiion of SSL:s with LetsEncrypt of which the generation of the challenge with any of the appropriate clients is just one part.
Just don't *blindly stare *at the words written here but try to understand why and for what they are written