One inconvenience is that although RFC 8657 explains how to tell a CA that it must use particular methods, the most obvious public CA (Let's Encrypt) has not shipped RFC 8657 support. So you can write a CAA record which says "Only Let's Encrypt may issue" or indeed say "Only Sectigo may issue" but you cannot write a record which says e.g. "Only Let's Encrypt may issue, and they must use the tls-alpn-01 method". Or rather, you can write that record but it won't work.
Now, there are a bunch of things you could do about that, and I believe this cool toy does one of the obvious ones: Don't have any certificates for the problematic domain. The web site isn't in the domain you can mess with. But it would be nice if Let's Encrypt got to this. Periodically I check, and so far each time somebody has pestered them for RFC 8657 recently, so I don't pile on since that's unhelpful.
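An added example, not part of the comment above: a small model of how a CA evaluates CAA `issue` values, showing why a `validationmethods` restriction only binds a CA that enforces RFC 8657. The function names, the `honors_rfc8657` switch and the sample records are constructed for illustration; the switch models a CA that ignores the parameter, which is an assumption about how such a CA behaves.

```python
# Constructed sample CAA "issue" property values (not taken from a real zone).
PLAIN = ["letsencrypt.org"]
RESTRICTED = ["letsencrypt.org; validationmethods=tls-alpn-01"]


def parse_issue_value(value):
    """Split an issue value (RFC 8659 syntax) into (issuer_domain, params)."""
    domain, _, rest = value.partition(";")
    params = {}
    for part in rest.split(";"):
        if not part.strip():
            continue  # tolerate empty segments such as a trailing ';'
        tag, sep, val = part.partition("=")
        if not sep:
            raise ValueError(f"malformed CAA parameter: {part!r}")
        params[tag.strip().lower()] = val.strip()
    return domain.strip().lower(), params


def may_issue(issue_values, ca_domain, method, honors_rfc8657):
    """Decide whether the CA named ca_domain may issue using `method`.

    issue_values:   issue property values from the relevant CAA RRset.
    honors_rfc8657: hypothetical switch; False models a CA that does not
                    enforce the validationmethods parameter.
    """
    if not issue_values:
        return True  # no issue property: CAA imposes no restriction
    for value in issue_values:
        domain, params = parse_issue_value(value)
        if domain != ca_domain:
            continue  # this record authorizes some other CA
        if not honors_rfc8657 or "validationmethods" not in params:
            return True  # no method restriction, or the CA ignores it
        allowed = {m.strip() for m in params["validationmethods"].split(",")}
        if method in allowed:
            return True
    return False


if __name__ == "__main__":
    for honors in (True, False):
        for method in ("tls-alpn-01", "http-01", "dns-01"):
            ok = may_issue(RESTRICTED, "letsencrypt.org", method, honors)
            print(f"enforces RFC 8657={honors!s:5} method={method:11} issue={ok}")
```

With the restricted record, the enforcing CA refuses `http-01` and `dns-01`, while the non-enforcing CA accepts every method, so the record is only as strong as the plain "Only Let's Encrypt may issue" form.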