Description
This has already been discussed in this issue: #5892 (comment) and the related pull request: #6025 (review). However, both of those have been closed and there seems to be no current issue to track this request.
In order to support DANE, a TLSA record is needed which needs to be updated every time the certificate changes (https://datatracker.ietf.org/doc/html/rfc6698). One way to avoid this is to disable the rotation of the private key which is not an ideal solution. Another option is to only use DANE-TA which also is not ideal.
Ideally, Caddy would use the existing DNS integrations to automatically create and rotate the TLSA entries whenever a new certificate is obtained. The deployment of the new certificate should be delayed until the new record has propagated.
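As an added illustration of the record involved (example code written for this page, not Caddy's code and not from the issue author): the Go program below computes the DANE-EE TLSA record (usage 3, selector 1 = SubjectPublicKeyInfo, matching type 1 = SHA-256, per RFC 6698) for a certificate, and shows why a key rotation invalidates the published record. The hostname `example.com`, the self-signed certificates and the in-memory "zone" are constructed for the demo; a real integration would query and update the DNS provider instead.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"fmt"
	"math/big"
	"time"
)

// TLSARecord is the RDATA of a TLSA record (RFC 6698, section 2.1).
type TLSARecord struct {
	Usage        uint8  // 3 = DANE-EE (end entity), 2 = DANE-TA (trust anchor)
	Selector     uint8  // 0 = full certificate, 1 = SubjectPublicKeyInfo
	MatchingType uint8  // 0 = exact match, 1 = SHA-256, 2 = SHA-512
	Data         string // hex of the selected (and hashed) certificate data
}

// String renders the record in zone-file presentation format.
func (r TLSARecord) String() string {
	return fmt.Sprintf("%d %d %d %s", r.Usage, r.Selector, r.MatchingType, r.Data)
}

// TLSAForCert computes the "3 1 1" record for an end-entity certificate:
// SHA-256 over the DER-encoded SubjectPublicKeyInfo. Selecting the public key
// rather than the whole certificate means a renewal that keeps the same key
// does not change the record; a renewal with a fresh key does.
func TLSAForCert(cert *x509.Certificate) TLSARecord {
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return TLSARecord{Usage: 3, Selector: 1, MatchingType: 1, Data: hex.EncodeToString(sum[:])}
}

// CoveredByZone reports whether the published TLSA set already contains a
// record matching the certificate. A server should not start serving a new
// certificate until this is true for the records resolvers can actually see.
func CoveredByZone(published []TLSARecord, cert *x509.Certificate) bool {
	want := TLSAForCert(cert)
	for _, r := range published {
		if r == want {
			return true
		}
	}
	return false
}

// newSelfSignedCert constructs a throwaway certificate with a fresh P-256 key.
// It stands in for a certificate obtained from an ACME CA (constructed input).
func newSelfSignedCert(host string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    time.Now(),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	current, err := newSelfSignedCert("example.com")
	if err != nil {
		panic(err)
	}
	renewed, err := newSelfSignedCert("example.com") // new key pair, as after key rotation
	if err != nil {
		panic(err)
	}
	zone := []TLSARecord{TLSAForCert(current)} // what is published today (constructed)
	fmt.Println("_443._tcp.example.com. IN TLSA", TLSAForCert(current))
	fmt.Println("renewed cert covered before DNS update:", CoveredByZone(zone, renewed))
	// Publish the new record next to the old one; only after it has propagated
	// is it safe to swap certificates, and only then may the old record be dropped.
	zone = append(zone, TLSAForCert(renewed))
	fmt.Println("renewed cert covered after DNS update:", CoveredByZone(zone, renewed))
}
```

Keeping both the old and the new record in the zone during the switch-over is what makes the rollover safe: a resolver that still holds the old record set validates the old certificate, one that already sees the new set validates either.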