Domain registries can already get a certificate for your domain by changing the address to their own server temporarily and then doing ACME with LE. So no new vector is introduced by directly putting the cert in DNS.
Domain registries can already get a certificate for your domain by changing the address to their own server temporarily and then doing ACME with LE. So no new vector is introduced by directly putting the cert in DNS.