You can request it with
certbot certonly --manual -d '*.mydomain.com'
or if you want to include the apex domain mydomain.com too (which would not be covered by *.mydomain.com because it only has one
certbot certonly --manual -d '*.mydomain.com' -d mydomain.com
Certbot will tell you the DNS TXT records to create to satisfy the challenges, and ask you to press Enter to continue when ready.
This is not great because this can only be renewed by re-running the same command. (The automated renewal command certbot renew will give a note that a certificate obtained with --manual can't be renewed with certbot renew, because the renewal requires human intervention.) You will have a nicer experience if your DNS provider lets you make DNS updates from software via an API, and you can find Certbot integration for that API.
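As an added example (not part of the original post), here is a hook script for certbot's --manual-auth-hook option that publishes the challenge TXT record without human intervention, so that certbot renew can work. It assumes your DNS server accepts RFC 2136 dynamic updates through nsupdate; DNS_SERVER and TSIG_KEYFILE are hypothetical variable names you would set yourself.

```shell
#!/bin/sh
# Added example: certbot --manual-auth-hook that publishes the DNS-01 TXT
# record via RFC 2136 dynamic update (nsupdate).
# DNS_SERVER and TSIG_KEYFILE are assumed names, not certbot settings.

# Record name for a challenge. '*.mydomain.com' and 'mydomain.com' map to
# the SAME name, so a certificate covering both needs two TXT values there.
challenge_name() {
    case $1 in
        '*.'*) d=${1#??} ;;   # drop a leading "*." if present
        *)     d=$1 ;;
    esac
    printf '_acme-challenge.%s.\n' "$d"
}

# Build the nsupdate batch: $1 = domain, $2 = validation value, $3 = server.
# "update add" appends a value rather than replacing the record set, so the
# wildcard and apex challenges can coexist under the one name.
nsupdate_batch() {
    # ACME validation values are base64url; refuse anything else so the
    # value cannot break out of the quoted TXT string in the batch.
    case $2 in
        ''|*[!A-Za-z0-9_-]*) echo "unexpected validation value" >&2; return 1 ;;
    esac
    printf 'server %s\n' "$3"
    printf 'update add %s 60 IN TXT "%s"\n' "$(challenge_name "$1")" "$2"
    printf 'send\n'
}

# certbot exports CERTBOT_DOMAIN and CERTBOT_VALIDATION to the hook.
# Outside certbot these are unset and the script does nothing.
if [ -n "${CERTBOT_DOMAIN:-}" ] && [ -n "${CERTBOT_VALIDATION:-}" ]; then
    nsupdate_batch "$CERTBOT_DOMAIN" "$CERTBOT_VALIDATION" "${DNS_SERVER:?}" |
        nsupdate -k "${TSIG_KEYFILE:?}"
fi
```

Pass the script's path to --manual-auth-hook (together with --preferred-challenges dns) on the certbot certonly --manual command; certbot saves the hook in the renewal configuration. Keep the TSIG key file readable only by the account that runs certbot, and scope the key to updating the _acme-challenge name where your DNS server allows it.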