I use acme-tiny (with --acme-dir) and set up nginx to point the /.well-known/acme-challenge to a directory acme-tiny can write to.
It should be possible to do reverse proxying with nginx for whatever web server hosts the acme challenges..
+1, if you have just one server, it's merely a matter of adding
location /.well-known/acme-challenge/ {
alias {directory};
try_files $uri =404;
}
to the Nginx config of each site, then having a script on cron that generates the csr and calls acme_tiny. It's fairly easy to set up and you can be reasonably sure it won't screw up your site if it fails for some reason.