Why do I need to answer a challenge for each subdomain?

This has been discussed many times on this forum. A similar conversation took place a month ago.

Your question is fair - and the way things are is arguably arbitrary. The decision to make you explicitly authorize each DNS name like this is probably, on balance, the best option that avoids incorrectly authorizing domains that e.g. might have access controls preventing them being updated (nsupdate/RFC2136) or are entirely delegated away.

Given that Let’s Encrypt is meant to be used in a completely automated manner, the number of challenges should not pose any great inconvenience to users. If you are doing this stuff manually, I can see how you might be annoyed by Let’s Encrypt being a stickler.
