Good day
We would like to request, if at all possible, that Let's Encrypt DNS-PERSIST-01 support be considered in the development roadmap.
TS Plus Remote Access app already supports Let’s Encrypt HTTP-01; however, the problem in this case is that we need to allow HTTP/S ports from any source on the internet, as there is no Let’s Encrypt IP range and source IPs are dynamic.
This creates a security concern as it bypasses perimeter access lists, which is common practice considering this is a terminal application.
We could get around this normally by installing a publicly signed certificate; however, the validation dates for this type of cert are expected to shorten to 47 days by 2029 (currently at 200 days now). This is to force automated certificate generation and management.
The Let's Encrypt DNS-PERSIST-01 service would rely on a single DNS record that does not need to change during the lifecycle of the renewal and is catered for scenarios where admins do not wish to leave ports 80 & 443 open to the world just for the cert renewal process.
Your consideration here is appreciated and I am sure this would help with everyone who uses your product as well as yourselves as this would enable your customers to further secure your product.
Thanks,
Alick
In Review

Remote Access Feature Request
About 8 hours ago

alickm