The standalone authenticator still requires (1) installing/running the letsencrypt client on your production server, (2) letting it run as root, and (3) letting it access your private keys. My script requires none of these things.