commitdev / zero-aws-eks-stack

zero module for a basic AWS kubernetes stack on EKS

Switch to using the cert-manager DNS solver by default instead of HTTP

bmonkman opened this issue

The HTTP solver is handy and fast in most cases, but I think we should move over to using the DNS validator by default.
It can take longer sometimes due to DNS caching, but it is a bit less complex and there are things you just can’t do with the HTTP version, like the chicken-and-egg situation if you need to migrate a domain but you can’t host the validator endpoint on the domain because you haven’t migrated it yet.
This should be easy enough because we already set up the DNS solver as a cluster issuer called clusterissuer-letsencrypt-production-dns. It would require changing the backend projects to use that by modifying the ingress annotation, and then need some testing to make sure it's working. If it works alright, the only change required to this repo would be updating the user-auth ingress to also use the DNS solver.
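
The annotation change described in the issue, sketched as an added example that is not part of the original issue or of the repository's manifests. Only the issuer name `clusterissuer-letsencrypt-production-dns` comes from the issue; the resource name, host, secret name, ingress class and the HTTP issuer placeholder are assumptions, and the annotation key assumes a cert-manager release that uses the `cert-manager.io` API group.

```yaml
# Added illustration. Every name except the DNS cluster issuer is hypothetical.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: backend-service                 # hypothetical backend project
  annotations:
    # Before: an HTTP-01 issuer. Validation needs the challenge endpoint to be
    # served on the domain itself, so it cannot complete for a domain that has
    # not been migrated to this cluster yet.
    # cert-manager.io/cluster-issuer: <HTTP_CLUSTER_ISSUER_NAME>   # placeholder
    #
    # After: the DNS-01 cluster issuer named in the issue. Validation happens
    # through a TXT record in the zone, independent of where the host points.
    cert-manager.io/cluster-issuer: clusterissuer-letsencrypt-production-dns
spec:
  ingressClassName: nginx               # assumption
  tls:
    - hosts:
        - api.example.com               # constructed sample host
      secretName: backend-service-tls   # cert-manager stores the certificate here
  rules:
    - host: api.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: backend-service   # hypothetical
                port:
                  number: 80
```

For the testing step, inspecting the resulting `Certificate` and its `Challenge` resources with `kubectl describe` shows which solver type was actually used and whether the TXT record has propagated.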