timelordx
One possible solution: you could run a self-hosted ACME-DNS server in your network. Caddy has a module for such a server.
Then, in AD DNS, just delegate _acme-challenge.YOUR-DOMAIN via CNAME to such internal ACME-DNS server.
I get LE wildcard certs for my Caddy by using ACME-DNS SaaS, but you should be able to adjust it for the self-hosted ACME-DNS.
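As an added illustration of the AD DNS delegation step described in the post (this is not code from the post or from the Caddy project), the PowerShell commands for the AD DNS side. It assumes the zone example.com is hosted on this AD DNS server, the self-hosted ACME-DNS instance is acme-dns.example.com at 10.0.0.5 and is authoritative for the child zone acme-dns.example.com, and the fulldomain returned by ACME-DNS registration is the placeholder below.

```powershell
# Added example, not from the post. Assumed values: zone example.com,
# ACME-DNS host acme-dns.example.com at 10.0.0.5, placeholder fulldomain.
Import-Module DnsServer

$Zone        = 'example.com'
$AcmeDnsHost = 'acme-dns.example.com'
$AcmeDnsIP   = '10.0.0.5'
# "fulldomain" value returned by the ACME-DNS /register call (placeholder UUID)
$FullDomain  = '00000000-0000-0000-0000-000000000000.acme-dns.example.com'

# 1. Delegate the acme-dns child zone to the ACME-DNS server, so a resolver
#    that follows the CNAME ends up asking ACME-DNS for the TXT record.
Add-DnsServerZoneDelegation -Name $Zone -ChildZoneName 'acme-dns' `
    -NameServer $AcmeDnsHost -IPAddress $AcmeDnsIP

# 2. Point _acme-challenge.example.com at the registered ACME-DNS name.
#    The same record serves example.com and *.example.com (wildcard).
Add-DnsServerResourceRecordCName -ZoneName $Zone -Name '_acme-challenge' `
    -HostNameAlias $FullDomain

# 3. Verify: the CNAME must resolve to exactly the registered fulldomain,
#    otherwise Caddy's dns-01 challenge will fail.
$cname = Resolve-DnsName -Name "_acme-challenge.$Zone" -Type CNAME -ErrorAction Stop
if ($cname.NameHost -ne $FullDomain) {
    throw "CNAME points to '$($cname.NameHost)', expected '$FullDomain'"
}
Write-Host "Delegation OK: _acme-challenge.$Zone -> $FullDomain"
```

Let's Encrypt validates from the public internet, so the delegated child zone and the ACME-DNS server must be resolvable from outside, not only from clients using the internal AD DNS.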