certbot / letsencrypt cert renewal via dns challenge
  1. $ cat /etc/letsencrypt/renewal/example.com.conf
  2.     # renew_before_expiry = 30 days
  3.     version = 0.24.0
  4.     archive_dir = /etc/letsencrypt/archive/example.com
  5.     cert = /etc/letsencrypt/live/example.com/cert.pem
  6.     privkey = /etc/letsencrypt/live/example.com/privkey.pem
  7.     chain = /etc/letsencrypt/live/example.com/chain.pem
  8.     fullchain = /etc/letsencrypt/live/example.com/fullchain.pem
  9.  
  10.     # Options used in the renewal process
  11.     [renewalparams]
  12.     account = {account name here}
  13.     pref_challs = dns-01,
  14.     authenticator = manual
  15.     installer = None
  16.     manual_public_ip_logging_ok = True
  17.  
  18. # >>>
  19.     manual_auth_hook = /usr/local/sbin/certbot-hook-auth-example.com
  20.     manual_cleanup_hook = /usr/local/sbin/certbot-hook-cleanup-example.com
  21. # <<<
  22.  
  23. ################################################################################
  24.  
  25. $ ls -l /usr/local/sbin/certbot-*-example.com
  26.     /usr/local/sbin/certbot-hook-auth-example.com -> certbot-manual-local-isc-bind
  27.     /usr/local/sbin/certbot-hook-cleanup-example.com -> certbot-manual-local-isc-bind
  28.  
  29. ################################################################################
  30.  
  31. $ cat /usr/local/sbin/certbot-manual-local-isc-bind
  32.  
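  #!/bin/sh
  # certbot manual auth / cleanup hook for a local ISC BIND (named).
  #
  # One script, two entry points: it is reached through symlinks named
  #   certbot-hook-auth-<domain>     publishes the ACME dns-01 TXT value
  #   certbot-hook-cleanup-<domain>  overwrites it with a harmless dummy value
  # and selects the mode from its own basename ($0).
  #
  # Environment (set by certbot):
  #   CERTBOT_DOMAIN      zone name; selects /etc/bind/db.<domain>-letsencrypt,
  #                       which must already exist (the main zone file $INCLUDEs it).
  #   CERTBOT_VALIDATION  the dns-01 TXT value (auth hook only).
  #
  # Exit status: 0 on success; non-zero if a required variable is missing or
  # malformed, the include file is absent, the basename is unknown, or any
  # rndc call fails (set -e).
  X=/dev/null

  set -e # fail fast in case of (any) error

  D=${CERTBOT_DOMAIN}
  [ -n "$D" ] || { printf '%s\n' "CERTBOT_DOMAIN is not set" >&2; exit 1; }
  # D is interpolated into a path under /etc/bind/ below; a DNS name never
  # legitimately contains '/', '..' or a leading '.', so refuse those outright.
  case "$D" in
  */*|.*|*..*) printf '%s\n' "refusing suspicious CERTBOT_DOMAIN: $D" >&2; exit 1 ;;
  esac

  F="/etc/bind/db.$D-letsencrypt"
  [ -f "$F" ] || { printf '%s\n' "include file $F does not exist" >&2; exit 1; }

  V=''
  A=$(basename "$0"); case "$A" in
  "certbot-hook-auth-$D")
      V=${CERTBOT_VALIDATION}
      [ -n "$V" ] || { printf '%s\n' "CERTBOT_VALIDATION is not set" >&2; exit 1; }
      # The dns-01 value is unpadded base64url (A-Z a-z 0-9 - _). Anything else
      # could carry a quote or newline into the zone file, so refuse it.
      case "$V" in
      *[!A-Za-z0-9_-]*) printf '%s\n' "refusing malformed CERTBOT_VALIDATION" >&2; exit 1 ;;
      esac
  ;;
  "certbot-hook-cleanup-$D")
      # Dummy value: keeps the $INCLUDEd file present and syntactically valid
      # while the real token is removed. It deliberately contains shell and
      # zone-file metacharacters to exercise the quoting on the write below.
      V="o_0 oops! (= there's # no \$ interesting \\\" data"
  ;;
  *) printf '%s\n' "unknown hook name: $A" >&2; exit 1 ;;
  esac

  # zonestatus presumably fails when named does not serve this zone, which
  # under set -e aborts before anything is written; the reload that follows
  # keeps the original sequence.
  rndc zonestatus "$D" 0<$X 1>$X 2>$X
  rndc reload "$D" 0<$X 1>$X 2>$X

  # Write the record (printf avoids echo's escape handling), bump the mtime,
  # then make named re-read the zone.
  # NOTE(review): only the $INCLUDEd file changes; the parent zone's SOA serial
  # is not bumped here, so secondaries would not transfer the new TXT record
  # until it is. Confirm the CA's validation queries only reach this primary.
  printf '_acme-challenge 300 IN TXT "%s"\n' "$V" > "$F"
  touch "$F"
  rndc reload "$D" 0<$X 1>$X 2>$X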
  62.  
  63. ################################################################################
  64.  
  65. $ grep -F CAA /etc/bind/db.example.com
  66.  
  67.     IN  CAA 0 issue "letsencrypt.org"
  68.     IN  CAA 0 issuewild ";"
  69.  
  70. ################################################################################
  71.  
  72. $ grep -F example.com-letsencrypt /etc/bind/db.example.com
  73.  
  74.     $INCLUDE /etc/bind/db.example.com-letsencrypt