It could work if both the DNS and HTTP servers were configured to respond to an arbitrary subdomain request, of course. Alternatively, since ACME/2 can create the authz in response to a cert order, could it not work thus:
authz asks to verify
Certificate requestor then demonstrates control of the zone by responding to an HTTP request to that subdomain.
This would still be error-prone for shared hosting environments, but at least there would potentially only be a single DNS zone change needed (i.e., to add a wildcard to the zone that points to the HTTP server).