Though MitM that way requires more steps than faking identity this way as you need to somehow get in the middle or redirect traffic towards you.
> I’d be much happier if proving domain control were only done through DNS challenges, but that ship has sailed.
Agreed.