Hi,
When i try to issue an certificate for *.example1.com and *.example2.com with DNS alias mode enabled the CN name could not be verified.
It looks like the ACME client is generating twice a txt to the DNS alias provider.
This should be one so the cname record on example1 and 2 is the same and could be verified.
Temp solution
When issuing a certificate without an alternate name set it works.
Right after that adding the alternate name again is works! (Because the first domain is already verified.)
After all it was DuckDNS which doesnt support multiple txt records!
Now using "desec.io" and everything is working fine!