Cool! There's also certbot[0] and lego[1] which can do ACME-DNS with a range of providers beside CF. You could also do tls-alpn, which allows you to do do the challenger encrypted on another port. Sounds like DNS works fine for you, but it's primarily worth considering for those issuing certs for non-public names that shouldn't be broadcasted via public DNS.

[0]: https://github.com/certbot/certbot

[1]: https://github.com/go-acme/lego