Currently, AutoSSL is designed to only issue certificates to servers that are hosting the website in question (checked via DCV test). This limitation has understandable advantages, but as a result, sites that route their DNS through CDNs are put at a significant disadvantage. Essentially, there is no way to auto-renew a certificate for a website in this position.
It is easy enough to temporarily disable the CDN, manually reissue the certificate, and then re-enable the CDN, but when managing a large number of sites, the need for an improved validation feature (perhaps DNS-based) becomes clear. I don't have any specific suggestions as to how the functionality could be implemented, but as CDNs are rapidly gaining in popularity, I imagine this will be a highly sought-after feature.