Regarding DNS validation, if we don’t have a built-in provider for your type of DNS, you could also look at Certify DNS in case you haven’t already: Certify DNS | Certify The Web Docs
It is a service we run which provides DNS challenge responses. You set up a special CNAME record pointing to our service, then you never need to make any more changes to your domain’s DNS for that cert.
It’s managed by us and is available as a subscription via Azure Marketplace or an annual license. While it is a small additional cost, it also means you’re no longer having to perform manual DNS updates for cert validation and you can use it with up to 500 different domains/subdomains.