Hi, no TLS-ALPN-01 is basically like a fancy version of http validation - it still means that your domain has to point to the same server running validation (i.e. the server with Certify on it) but the response is not an http response, its a specially crafted TLS conversation.
We are probably not going to support it until our services is full migrated to .net 6 (the 4.x version of .net commonly found on computers can’t work with tls in the way that’s required). You could possibly use win-acme to do TLS-ALP-01 because it’s a single exe built using .net core but I can’t help there
The solution you need is DNS validation, and if you don’t want to move to a DNS provider that has a supported API then you need to use DNS challenge delegation, this is where you create a CNAME (alias/redirection) record in DNS for each domain/subdomain that in turn points to a automated challenge validation service. The most common implementation of this is acme-dns (GitHub - joohoi/acme-dns: Limited DNS server with RESTful HTTP API to handle ACME DNS challenges easily and securely.) which you generally host yourself, but they also provide a hosted one to try out.
The problem with not hosting your acme-dns yourself is that there is a risk that the provider of that service would theoretically be able to generate certificates for your domain, if they wanted to (or if they lost control of their server to a bad guy) for as long as you have a CNAME pointing to their service. To that end, we recently introduced Certify DNS, which is a cloud hosted, managed, alternative implementation of acme-dns (currently free in beta, but will eventually be a small monthly fee): certifydns | Certify The Web Docs
So basically, try Certify DNS. You just need access to your DNS control panel to setup those initial CNAME records for each certificate, from there on it will all be automatic.