+1

I use acme-dns and it works very well. It’s a basic DNS server that only serves the Let’s Encrypt DNS challenges - it only allows clients to create TXT records, in the exact format that Let’s Encrypt needs. This is great for security as you don’t have to give Certbot/whatever full access to your main DNS servers.

Let’s Encrypt is fine with IPv6-only DNS servers, so I have acme-dns running on one of my VPSes only over IPv6 (since I’m using the IPv4 for my regular DNS server).