In this case you'll need to use the DNS-01 validation method for the domain issuance, not HTTP-01 (because local.mydomain.com won't be able to receive an inbound validation connection from Let's Encrypt).
There's various tricks. You can also assign the domain to a static IP long enough to verify your ownership then change it. Using a TXT record is probably easier to automate renewal though.