Server SSL and the package its built on now support the DNS-01 challenge
Currently It only has a provider for Cloud Flare but others could be added easily.
let dnsProvider = {
name: "Cloud Flare",
token: "apiTokenWithDnsEditPermission",
zone: "zoneId" // optional if it cant be found automatically.
}
I'll probably change it to load the dnsProvider from a json config file but for now you provide the dnsProvider object inside server-ssl
Issuing a wild card certificate
You can integrate this into your existing server if you don't want to use server-ssl