From our observation these "few minutes ttls" are still a problem.
- issuing cert for c1.abc.mydomain.com - that works nicely
- issuing cert for c2.abc.mydomain.com like 10 seconds later - that fails because letsencrypt claims there are no acme records in abc.mydomain.com zone while they are, freshly added
Few minutes later - that 2) works.
Issuing service should be reliable operation and do not depend on caching. It isn't unfortunately which is bad.