I manage most of my domains using my own nameservers, running BIND9 on two Debian VPS located in Italy (master) and France (slave). Until now, I’ve been changing the DNS records by SSHing into the machine and editing the zone file by hand. This worked fine since I rarely needed to change any DNS records. Then earlier this year, Let’s Encrypt put the ACME v2 endpoint into production which allows users to obtain wildcard certificates using the DNS challenge.