That's not certbot. That's the Let's Encrypt CA and the ACME protocol. If you want to see the http responses in action from Let's Encrypt for dns-01 challenges, I currently have my Open ACME website client in "debug mode" at openacme.org. You can submit a valid CSR and see the magic unfold to get an 
on things.
3 Likes