According to
https://letsencrypt.org/docs/client-options/ dehydrated is compatible.
Few thoughts
- This could be time to use some registrar api to populate the dns validation
- we could stop validating hosts , would be faster and less risks of failure on a not well configured subdomain
- we could start looking at one cert per domain /per virtualhost. Just have to decide then which one to use for imap pop and smtp. Probably the primary domain...
Fyi : 2 more releases since our import of v5