Utilizing cPanel DNS servers?

We are looking to do DNS auth. We currently host our own DNS with cPanel DNS servers.

We are able to validate using HTTP but do not want the HTTP ports open.

I haven't seen an obvious way to have the ACMEv2 client on the Windows server update the TXT record in the DNS hosted with cPanel?

Which client is that exactly? It doesn't sound like a name for an ACME client. Usually, "acmev2" is the name for the current ACME API from Let's Encrypt (because v1 was the draft and v2 the finalized RFC).

Also: are your cPanel DNS servers accessible from the public internet? Because any challenge needs to be validated over the public internet by the Let's Encrypt validation servers.

Also also note that there's absolutely nothing wrong with keeping port 80 open, see Best Practice - Keep Port 80 Open - Let's Encrypt for more info.

I'm using win-acme for the client.

cPanel DNS servers are accessible from the internet.

I have many security reasons why I don't want port 80 open on these servers. Which is why I'm trying to sort out the DNS auth method.

I don't see a cPanel DNS option when I look at win-acme.

There's an option to use custom scripts (see win-acme) and it suggests looking at Posh-ACME for useful scripts (but has a dead link). Posh-ACME itself doesn't seem to include a script for cPanel either, but a user on GitHub opened an issue (cPanel plugin works for LE_STAGE but not for LE_PROD · Issue #376 · rmbolger/Posh-ACME · GitHub) on the Posh-ACME repo about some trouble with their own self-written cPanel plugin. Maybe you could rewrite that plugin to work with win-acme? And you'd need to fix the error the user of that issue was having too. And you might be on your own for all that rewriting and fixing :roll_eyes: Not sure if there are that many win-acme users with cPanel on this Community.

I guess the other option is to set up a DNS server and do the CNAME over to an auth domain.

One often uses acme-dns for that, a relatively "single purpose" DNS server with a REST API to add/remove TXT RRs.

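One way to wire up the acme-dns route mentioned above, as an added example that is not part of the thread and not code from win-acme, Posh-ACME or acme-dns: a PowerShell hook that a client's custom-script option could call to publish the challenge value through the acme-dns `/update` API, after checking that the `_acme-challenge` CNAME in the cPanel-hosted zone really points at the acme-dns account. The script name, argument order, account file path and the `server` field in that file are assumptions.

```powershell
# Hypothetical hook: acme-dns-hook.ps1 <create|delete> <record name> <TXT value>
# The argument order is an assumption; match it to your client's script plugin settings.
param(
    [Parameter(Mandatory)][ValidateSet('create', 'delete')][string]$Action,
    [Parameter(Mandatory)][string]$RecordName,
    [Parameter(Mandatory)][string]$TxtValue
)
$ErrorActionPreference = 'Stop'

# Constructed sample path. The file holds the JSON returned by acme-dns /register
# (username, password, subdomain, fulldomain) plus a "server" URL added by hand.
$AccountFile = 'C:\ProgramData\acme-dns\account.json'

function New-AcmeDnsUpdate {
    param($Account, [string]$Txt)
    # A DNS-01 value is a base64url-encoded SHA-256 digest: always 43 characters.
    if ($Txt -notmatch '^[A-Za-z0-9_-]{43}$') {
        throw "TXT value is not a 43-character base64url string"
    }
    @{
        Uri         = "$($Account.server.TrimEnd('/'))/update"
        Method      = 'Post'
        Headers     = @{ 'X-Api-User' = $Account.username; 'X-Api-Key' = $Account.password }
        ContentType = 'application/json'
        Body        = @{ subdomain = $Account.subdomain; txt = $Txt } | ConvertTo-Json
    }
}

# acme-dns has no delete call; it keeps only the two most recent TXT values.
if ($Action -eq 'delete') { exit 0 }

$account = Get-Content -Raw -Path $AccountFile | ConvertFrom-Json
if ($account.server -notmatch '^https://') { throw "acme-dns URL must use HTTPS" }

# Refuse to continue unless the CNAME in the cPanel-hosted zone points at this account.
$cname = Resolve-DnsName -Name $RecordName -Type CNAME -DnsOnly |
    Where-Object { $_.Type -eq 'CNAME' } | Select-Object -First 1
if (-not $cname -or $cname.NameHost.TrimEnd('.') -ne $account.fulldomain.TrimEnd('.')) {
    throw "$RecordName is not a CNAME to $($account.fulldomain)"
}

$request  = New-AcmeDnsUpdate -Account $account -Txt $TxtValue
$response = Invoke-RestMethod @request
if ($response.txt -ne $TxtValue) { throw "acme-dns did not echo the TXT value" }
```

The credentials in the account file can only change that one TXT record, so the Windows server never holds anything able to edit the cPanel zone; restrict the file's ACL to the account that runs renewals.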