Also interested in this (as a hosting provider). The goal here would be to provide certificates for all customer web pages BUT also for all services like SMTP, IMAP, POP3, FTP and SQL subdomains (the thread about non-web usage is here: "Use on non-web servers?").
Validation via DNS would be easiest to implement (but Let's Encrypt won’t support it initially), so the other solution is to globally DNAT (at the edge of our network) all traffic coming from Let's Encrypt IP addresses to our single server that would provide all required files/data on port 80. That should be easy to implement and wouldn’t disrupt normal customer usage, wouldn’t require putting any files into customer web file folders, etc. Not sure if this will work though… need to read the ACME docs first.