In this case you'll need to use the DNS-01 validation method for the domain issuance, not HTTP-01 (because local.mydomain.com won't be able to receive an inbound validation connection from Let's Encrypt).
There's various tricks. You can also assign the domain to a static IP long enough to verify your ownership then change it. Using a TXT record is probably easier to automate renewal though.
Alternatively, what I do is to sign a wildcard cert for a subdomain plus *.subdomain valid for a couple years and putting the key and cert on my Nextcloud in an encrypted archive file, that way I always have access to a cert that I trust and can easily install on a local computer.