Description
https://challenges.addr.tools/
This is a service (optionally self-hosted) that provides an algorithmic way to do ACME dns-01 challenges via CNAME aliasing similar to acme-dns.
Users choose a custom passphrase which is hashed with SHA-224 and concatenated with challenges.addr.tools (or the self-hosted equivalent root) to make an FQDN. The user creates a CNAME for their _acme-challenge FQDN that points to the SHA-224 FQDN. Then the user (or our plugin) calls the API with the raw passphrase and the TXT value that needs to be set for the record.
The tricky part of making this work is that .NET doesn't have a native SHA-224 implementation. But we might be able to find something in BouncyCastle or maybe make a standalone PowerShell native implementation.
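A sketch of the standalone PowerShell route mentioned above, added here as an example and not code from this project or from addr.tools: SHA-224 written out by hand, followed by the derivation of the CNAME target. The function name `Get-Sha224Hex`, the lowercase-hex label joined to the root with a dot, the passphrase and `example.com` are assumptions or constructed values.

```powershell
# SHA-224 = SHA-256 compression with its own initial state, digest cut to 28 bytes.
function Get-Sha224Hex {   # hypothetical name, not part of any module
    param([Parameter(Mandatory)][string]$Text)
    $mask = 4294967295     # 2^32-1 as Int64 (the literal 0xFFFFFFFF parses as Int32 -1)
    $toWords = { param($s) -split $s | ForEach-Object { [Convert]::ToInt64($_, 16) } }
    [long[]]$K = & $toWords @'
428a2f98 71374491 b5c0fbcf e9b5dba5 3956c25b 59f111f1 923f82a4 ab1c5ed5
d807aa98 12835b01 243185be 550c7dc3 72be5d74 80deb1fe 9bdc06a7 c19bf174
e49b69c1 efbe4786 0fc19dc6 240ca1cc 2de92c6f 4a7484aa 5cb0a9dc 76f988da
983e5152 a831c66d b00327c8 bf597fc7 c6e00bf3 d5a79147 06ca6351 14292967
27b70a85 2e1b2138 4d2c6dfc 53380d13 650a7354 766a0abb 81c2c92e 92722c85
a2bfe8a1 a81a664b c24b8b70 c76c51a3 d192e819 d6990624 f40e3585 106aa070
19a4c116 1e376c08 2748774c 34b0bcb5 391c0cb3 4ed8aa4a 5b9cca4f 682e6ff3
748f82ee 78a5636f 84c87814 8cc70208 90befffa a4506ceb bef9a3f7 c67178f2
'@
    [long[]]$state = & $toWords 'c1059ed8 367cd507 3070dd17 f70e5939 ffc00b31 68581511 64f98fa7 befa4fa4'
    $ror = { param([long]$x, [int]$n) (($x -shr $n) -bor ($x -shl (32 - $n))) -band $mask }
    $data = [Text.Encoding]::UTF8.GetBytes($Text)
    $bits = [long]$data.Length * 8
    # Pad: 0x80, zeros up to 56 mod 64, then the bit length as 8 big-endian bytes
    [byte[]]$m = $data + 0x80 + (,0 * ((119 - ($data.Length % 64)) % 64)) +
        (7..0 | ForEach-Object { ($bits -shr (8 * $_)) -band 0xFF })
    for ($o = 0; $o -lt $m.Length; $o += 64) {
        $w = New-Object 'long[]' 64
        for ($t = 0; $t -lt 16; $t++) { $i = $o + 4 * $t
            $w[$t] = ([long]$m[$i] -shl 24) -bor ([long]$m[$i+1] -shl 16) -bor ([long]$m[$i+2] -shl 8) -bor [long]$m[$i+3] }
        for ($t = 16; $t -lt 64; $t++) { $x = $w[$t-15]; $y = $w[$t-2]
            $sig0 = (& $ror $x 7) -bxor (& $ror $x 18) -bxor ($x -shr 3)
            $sig1 = (& $ror $y 17) -bxor (& $ror $y 19) -bxor ($y -shr 10)
            $w[$t] = ($w[$t-16] + $sig0 + $w[$t-7] + $sig1) -band $mask }
        $a, $b, $c, $d, $e, $f, $g, $hh = $state   # $hh: names are case-insensitive, $h would clash
        for ($t = 0; $t -lt 64; $t++) {
            $big1 = (& $ror $e 6) -bxor (& $ror $e 11) -bxor (& $ror $e 25)
            $big0 = (& $ror $a 2) -bxor (& $ror $a 13) -bxor (& $ror $a 22)
            $ch  = ($e -band $f) -bxor ((-bnot $e) -band $g)
            $maj = ($a -band $b) -bxor ($a -band $c) -bxor ($b -band $c)
            $t1 = $hh + $big1 + $ch + $K[$t] + $w[$t]
            $hh = $g; $g = $f; $f = $e; $e = ($d + $t1) -band $mask
            $d = $c; $c = $b; $b = $a; $a = ($t1 + $big0 + $maj) -band $mask
        }
        $n = 0
        foreach ($v in $a, $b, $c, $d, $e, $f, $g, $hh) { $state[$n] = ($state[$n] + $v) -band $mask; $n++ }
    }
    -join ($state[0..6] | ForEach-Object { $_.ToString('x8') })   # drop the 8th word
}
# Known-answer check against the FIPS 180 "abc" vector before trusting the output
if ((Get-Sha224Hex 'abc') -ne '23097d223405d8228642a477bda255b32aadbce4bda0b3f7e36c9da7') { throw 'SHA-224 self-test failed' }
$label = Get-Sha224Hex 'constructed example passphrase'   # constructed passphrase
"_acme-challenge.example.com CNAME ${label}.challenges.addr.tools"   # hex label and dot join are assumed
```

Because the record name is derived only from the passphrase, anyone who can guess the passphrase can compute the same FQDN, so a long random value is the safer choice.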