[JonathanBeuys]

HTTPS is still a pain in the ass, even in 2024.

If letsencrypt would offer wildcard certificates with their url based authentification as they offer for non-wildcard certificates, it would be ok.

But having to tinker with the DNS infrastructure for each project which wants to use domain wide HTTPS is so much hassle.

[lgeorget]

It depends on your provider though. I can tell from experience that with OVH and their API, it's been easy to set up the automatic renewal via DNS verification. Apparently, the official client has support for the DNS API of 159 providers: https://github.com/acmesh-official/acme.sh/wiki/dnsapi

[8organicbits]

What's the challenge for you? Does your DNS server not have an API, is it internal politics and process, or something else?