In ACME, an authorization is always meant to correspond to a specific domain name that can be validated. In ACME v2, you submit a CSR, and then the CA decides based on policy which authorizations you will need to satisfy in order to issue the certificate you requested. Per the blog post, Let's Encrypt will be doing DNS-based validation of the base domain (e.g.
*.example.com. So if the CSR has wildcard DNS names in it, Let's Encrypt will create a set of authorizations for the corresponding base domains, where the only available challenge method is DNS-01.