Run ACME inside a Docker container, one instance (and credentials) for each domain name. Doesn't consume much resources. The real problem is IP addresses anyway, CT logs "thankfully" feed information to every bad actor in real time, which makes data mining trivially easy.
you dont even need a docker container to do that.
Agreed, that's just a personal preference thing of me. Harder to mess up and easier to route.