urn:ietf:params:acme:error:unauthorized

The token value you get from the server, for example:

[type] => dns-01
[status] => pending
[url] => https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/12071119164/El4v_Q
[token] => DcCSpjolz64RNghUn4tOepFn9xaoM26VyYcLX9wH1Yo

is not the value you have to set as the DNS record. You have to compute the value from the token like this:

keyAuthorization = token || '.' || base64url(Thumbprint(accountKey))
// see: https://datatracker.ietf.org/doc/html/rfc8555/#section-8.1

value = base64url_encode( sha256( keyAuthorization ) )

   A client fulfills this challenge by constructing a key authorization
   from the "token" value provided in the challenge and the client's
   account key.  The client then computes the SHA-256 digest [FIPS180-4]
   of the key authorization.

   The record provisioned to the DNS contains the base64url encoding of
   this digest.  The client constructs the validation domain name by
   prepending the label "_acme-challenge" to the domain name being
   validated, then provisions a TXT record with the digest value under
   that name.

source: https://datatracker.ietf.org/doc/html/rfc8555/#section-8.4
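The derivation above, carried through end to end as an added example (it is not the poster's code, nor Let's Encrypt's). It takes the token quoted in the post, computes the RFC 7638 thumbprint of an account JWK, builds the key authorization, and hashes it into the TXT value. The P-256 public JWK is a constructed dummy whose coordinates are fixed bytes, used only to exercise the encoding, and "example.com" is a placeholder domain.

```python
"""Derive the ACME dns-01 TXT record value from a challenge token.

Added example for this thread; not the poster's code or Let's Encrypt's.
Assumptions: the account JWK below is a constructed, non-functional P-256
public key used only to exercise the thumbprint logic, and "example.com" is a
placeholder domain. The token is the one quoted in the post.
"""
import base64
import hashlib
import json

# RFC 7638 section 3.2: only these members go into the thumbprint, per key type.
REQUIRED_MEMBERS = {
    "EC": ("crv", "kty", "x", "y"),
    "RSA": ("e", "kty", "n"),
}


def base64url(data: bytes) -> str:
    """base64url without '=' padding (RFC 7515 section 2), as ACME requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def thumbprint_input(jwk: dict) -> str:
    """Canonical JSON for the thumbprint: required members only, sorted by
    name, no whitespace. Extra members such as 'alg' or 'use' are dropped."""
    kty = jwk.get("kty")
    if kty not in REQUIRED_MEMBERS:
        raise ValueError(f"unsupported or missing kty: {kty!r}")
    missing = [m for m in REQUIRED_MEMBERS[kty] if m not in jwk]
    if missing:
        raise ValueError(f"JWK lacks required members: {missing}")
    canonical = {m: jwk[m] for m in REQUIRED_MEMBERS[kty]}
    return json.dumps(canonical, sort_keys=True, separators=(",", ":"))


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638: base64url(SHA-256(canonical JSON of the public key))."""
    return base64url(hashlib.sha256(thumbprint_input(jwk).encode("utf-8")).digest())


def key_authorization(token: str, jwk: dict) -> str:
    """RFC 8555 section 8.1: token || '.' || base64url(Thumbprint(accountKey))."""
    return f"{token}.{jwk_thumbprint(jwk)}"


def dns01_txt_value(token: str, jwk: dict) -> str:
    """RFC 8555 section 8.4: the TXT value is base64url(SHA-256(keyAuthorization)),
    never the raw token."""
    digest = hashlib.sha256(key_authorization(token, jwk).encode("ascii")).digest()
    return base64url(digest)


def validation_name(domain: str) -> str:
    """RFC 8555 section 8.4: prepend the _acme-challenge label to the domain."""
    return f"_acme-challenge.{domain.rstrip('.')}"


def dns01_record(domain: str, token: str, jwk: dict) -> dict:
    """Everything needed to publish the record for the challenge."""
    return {"name": validation_name(domain), "type": "TXT",
            "value": dns01_txt_value(token, jwk)}


# Constructed inputs: the token from the post and a dummy P-256 public JWK whose
# coordinates are fixed bytes (not a real key; it only exercises the encoding).
# 'alg' and 'use' are present to show they do not affect the thumbprint.
SAMPLE_TOKEN = "DcCSpjolz64RNghUn4tOepFn9xaoM26VyYcLX9wH1Yo"
SAMPLE_JWK = {
    "kty": "EC",
    "crv": "P-256",
    "x": base64url(bytes([0x01]) * 32),
    "y": base64url(bytes([0x02]) * 32),
    "alg": "ES256",
    "use": "sig",
}


if __name__ == "__main__":
    rec = dns01_record("example.com", SAMPLE_TOKEN, SAMPLE_JWK)
    print(f'{rec["name"]}. IN TXT "{rec["value"]}"')
```

The two points that usually go wrong are both visible here: the thumbprint is taken over a fixed member subset in sorted order with no whitespace, so a key serialised differently (or with extra members) still yields the same value, and the TXT record holds the hash of the key authorization, so the published string never equals the token.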