lets encrypt – Is it possible to generate a Let's Encrypt certificate for a private subdomain if the domain is public?

I have a server running on a private subdomain, server.internal.mydomain.com

mydomain.com is public but internal.mydomain.com is not.

I’ve used Certbot to generate a certificate for *.mydomain.com, but if I try to expand this to include *.internal.mydomain.com, the DNS challenge fails because Let's Encrypt cannot reach this domain. I have tried running both:

sudo certbot certonly --manual --preferred-challenges=dns -d '*.mydomain.com' -d '*.internal.mydomain.com'
sudo certbot certonly --manual --preferred-challenges=dns -d '*.mydomain.com' -d server.internal.mydomain.com

but these both require me to make a DNS record change that Let's Encrypt cannot see. Is there any way around this?