I've had a look (used) at the let's encrypt project. it allows everyone to obtain (free) certificates for their website (and other services).
To retrieve a certificate, they require you to validate that you actually control the service/domain.
Two methods exist that allow this validation.
1) Place a challenge accessible on your web site. Port 80 or 433, so the let's encrypt servers can validate that you control the server the certificate points to.
2) Place a challenge inside a TXT record. This has the added advantage that validation can happen for services other then webservers running on port 80/443. (I'm thinking of VPN, alternative port webservers, media servers etc etc).
Validity of let's encrypt certificates is 90 days. Thus renewing of certificates can happen +- every 60 days. Automation is a must.
I would like to use this functionality (DNS validation) for my HE hosted domain. (I believe this question will become more and more frequent)
To make a long story short, can you please extend the dynamic DNS functionality to TXT records? This will allow me to script an update of a TXT record so validation can happen.
(Some more info https://letsencrypt.github.io/acme-spec/#rfc.section.7.4
PS: Thank you for providing me with great dynamic DNS for years!