This is something that I have always needed during major Convox migrations. The DNS provider allows LetsEncrypt to issue new SSL certs by validating a DNS record instead of making an HTTP request. This means that I can get the new servers ready to accept requests before switching over the DNS records, so that there is zero downtime.
I wrote about this here as well: Zero downtime SSL migration from v2 to v3 rack - #2 by nathan.f77
Support for the Cloudflare integration would be very helpful, since this is how I use the DNS challenges for cert-manager: Cloudflare - cert-manager Documentation
This would also be very helpful for blue/green deployments: Blue/green deployments for safe Convox release updates
(Unless there is an easy way to export the SSL certs and import them into a new EKS cluster?)