According my reading of the challenge specification [1] it shouldn't work. Notice that it says:
> 2. Query for TXT records for the validation domain name
Verify that the contents of one of the TXT records match the digest value
To me, this means that it should issue a query for TXT records only (not for ANY) and hence the server shouldn't even see your CNAME "redirector" record.
Thus, if your method works, either the server is wrongly implemented, there's a flaw in my reading comprehension, or the specification should be amended...
According my reading of the challenge specification [1] it shouldn't work. Notice that it says:
> 2. Query for TXT records for the validation domain name Verify that the contents of one of the TXT records match the digest value
To me, this means that it should issue a query for TXT records only (not for ANY) and hence the server shouldn't even see your CNAME "redirector" record.
Thus, if your method works, either the server is wrongly implemented, there's a flaw in my reading comprehension, or the specification should be amended...
[1] https://ietf-wg-acme.github.io/acme/draft-ietf-acme-acme.htm...