We are using GoDaddy as the DNS provider for our domain. GoDaddy does not provide tools to let you automate using somebody else's certificates.
So, I want to delegate the _acme-challenge subdomain to Amazon Route 53.
From what I've read, there are two ways to do this: with NS records and with a CNAME record.
I think I understand how to do this with a NS records -- I create a new Route 53 hosted zone and record the NS servers it is using. Then back in GoDaddy, I create multiple NS records named _acme-challenge whose value is the name of the NS servers in the Route 53 hosted zone.
How does it work with a CNAME record? What would I point it to?