I'm trying to create a certificate for 13 domains on a mail server with no web server. Port 80 is directed to another server that I don't have direct access to.
With wildcards, certbot generates 26 _acme-challenge values that must be inserted into DNS.
On my DNS service this shouldn't be a big problem, as they allow use of a template where all 26 can be inserted, except certbot can only handle 10 _acme-challenge values on the same domain.
If I didn't use the template, I would have to insert the 26 values in 13 different DNS records. There is a high risk of cut/paste errors.
If it was the same _acme-challenge value set for all the domains in the same validation it would be much simpler, and I can't see how it would be less safe.
In my case, with the DNS template, I would only have to insert a single value to one DNS entry, and without the template feature, you would have to update 13 records, but with the same _acme-challenge value, i.e. a smaller risk of cut/paste errors.