Does Certbot support CNAME challenge? How does CNAME validation work vs DNS-01?

I’m confused about how CNAME-based validation works with ACME/Certbot.

  1. Does Certbot support a “CNAME challenge” directly, or only DNS-01 (TXT)?
  2. In some REST API-based certificate services, I see a “CNAME validation” method where they give a host and target (CNAME record).
  3. If I add that CNAME record in my domain DNS, will the CA automatically verify it without me adding a TXT record?

I’m trying to understand:

Is CNAME validation a separate challenge type, or just a variation of DNS-01?

How does this differ from the standard Certbot DNS-01 flow?

Any clear explanation would be really helpful.

Currently there is no "CNAME" challenge, but Let's Encrypt will follow a CNAME to complete a DNS challenge. So with a DNS challenge you are required to populate a TXT record with the label _acme-challenge.yourdomain.com.

You can use CNAME to point to a record in another DNS zone (e.g. one you can update automatically) and Let's Encrypt will follow it. Support for that between different clients (if they have DNS update support) will vary.

Let's Encrypt is an ACME Server. Other methods are allowed in the CA/Browser Baseline Requirements, but LE is only ACME. Some other CAs also support ACME, some use alternate options, and some provide both ACME and others.

Certbot is just one of many ACME Clients and works with a variety of ACME Servers.

See also: Challenge Types - Let's Encrypt

And this upcoming new challenge: DNS-PERSIST-01: A New Model for DNS-based Challenge Validation - Let's Encrypt
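The answer above says there is no separate "CNAME challenge": the CA still looks for a TXT record at `_acme-challenge.<domain>`, and a CNAME at that label simply redirects the lookup into another zone. The following is an added simulation of that lookup, not code from Certbot, Let's Encrypt, or any other client or CA. It models the resolver with a constructed in-memory zone table (names such as `example.com` and `validation-zone.example.net` are assumptions), computes the expected TXT value the way RFC 8555 defines it for DNS-01 (base64url of the SHA-256 of `token.thumbprint`), and shows that a domain delegated via CNAME validates with no TXT record in its own zone, while a CNAME loop is caught rather than followed forever.

```python
import base64
import hashlib

# A constructed, offline stand-in for DNS. Keys are (owner name, record type);
# values are the rdata list. Real CAs query the live DNS through a resolver.
Zone = dict[tuple[str, str], list[str]]

# Demo token and account-key thumbprint. Both values are made up; in a real
# ACME order the server issues the token and the client derives the thumbprint
# from its account key (RFC 8555 section 8.1).
DEMO_TOKEN = "evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA"
DEMO_THUMBPRINT = "9jg46WB3rR_AHD-EBXdN7cBkH1WOu0tA3M9fm21mqTI"


def dns01_txt_value(token: str, account_thumbprint: str) -> str:
    """Expected TXT content for DNS-01: base64url(SHA-256(token '.' thumbprint))."""
    key_authorization = f"{token}.{account_thumbprint}".encode("ascii")
    digest = hashlib.sha256(key_authorization).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def resolve_txt(name: str, zone: Zone, max_hops: int = 8) -> tuple[str, list[str]]:
    """Look up TXT at `name`, following CNAMEs the way a recursive resolver does.

    Returns (final owner name, TXT rdata list). Raises on a CNAME loop or when
    the chain exceeds `max_hops`, mirroring the hop limits real resolvers apply.
    """
    visited: list[str] = []
    current = name
    for _ in range(max_hops):
        if current in visited:
            raise ValueError(f"CNAME loop detected: {' -> '.join(visited + [current])}")
        visited.append(current)
        txt = zone.get((current, "TXT"))
        if txt is not None:
            return current, txt          # terminal answer: a TXT record set
        cname = zone.get((current, "CNAME"))
        if not cname:
            return current, []           # NXDOMAIN / NODATA: nothing to follow
        current = cname[0]               # a name may carry only one CNAME
    raise ValueError(f"CNAME chain longer than {max_hops} hops starting at {name}")


def validate_dns01(domain: str, token: str, thumbprint: str, zone: Zone) -> bool:
    """Emulate the CA side of DNS-01: the challenge label is always
    _acme-challenge.<domain>; whether it is a TXT or a CNAME is up to the zone."""
    expected = dns01_txt_value(token, thumbprint)
    _, txt_values = resolve_txt(f"_acme-challenge.{domain}.", zone)
    return expected in txt_values


def build_demo_zone(token: str, thumbprint: str) -> Zone:
    """Constructed zone data covering the three cases discussed in the thread."""
    txt = dns01_txt_value(token, thumbprint)
    return {
        # Case 1: plain DNS-01, TXT lives directly under the domain's own zone.
        ("_acme-challenge.direct.example.com.", "TXT"): [txt],
        # Case 2: the domain's zone holds only a CNAME; the TXT is published in a
        # separate zone that an automation tool is allowed to update.
        ("_acme-challenge.example.com.", "CNAME"): ["acme.validation-zone.example.net."],
        ("acme.validation-zone.example.net.", "TXT"): [txt],
        # Case 3: a misconfiguration, two CNAMEs pointing at each other.
        ("_acme-challenge.loop.example.com.", "CNAME"): ["_acme-challenge.loop2.example.com."],
        ("_acme-challenge.loop2.example.com.", "CNAME"): ["_acme-challenge.loop.example.com."],
    }


if __name__ == "__main__":
    zone = build_demo_zone(DEMO_TOKEN, DEMO_THUMBPRINT)
    for d in ("direct.example.com", "example.com", "missing.example.com"):
        print(d, "->", validate_dns01(d, DEMO_TOKEN, DEMO_THUMBPRINT, zone))
    try:
        validate_dns01("loop.example.com", DEMO_TOKEN, DEMO_THUMBPRINT, zone)
    except ValueError as exc:
        print("loop.example.com ->", exc)
```

The point to take from `validate_dns01` is that the CA never asks "is there a CNAME?"; it asks "what TXT does `_acme-challenge.<domain>` resolve to?", and CNAME following is ordinary resolver behaviour on the way to that answer. A client that only knows how to write TXT records into the zone it controls can therefore be pointed at the delegated zone, which is the deployment pattern the answer describes.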