Domain for which certificate is asked for can have a CNAME, so we should check it.
If domain has a CNAME, create the challange TXT record in the alias domain.
This is useful in the scenario where a company like us is using some DNS provider
which is not supported dynamically. We can then create a CNAME for records like
_acme-challenge.example.com -> example.aws.hosted.com
So this will allow us getting cert for *.example.com with creating txt record in route53 for above exxample.
With async challenge Check, it is often happens,
that solver.Check() fails on first run after solver.Present()
Cert-manager then tries again, but starts with solver.Present(),
which not being idempotent right now fails on certain DNS providers.
This change swaps order of solver.Check() and solver.Present().
Check is not returning error if propagation not happened, it then
allows Present() to run.
In the current form, Present() will be spamming with errors,
but this doesn't stop Check from happening on every attempt,
so eventually Challenge can be verified and accepted. In the future,
Present() should be made idempotent.
If /etc/resolv.conf does not have any entries, then its unlikely
that the domain name representation of google's DNS would get
resolved too. Hence using IP address directly makes sense.
