Maybe I’m missing something then, how would you pass a DNS challenge?

I agree, if you’re putting your internal domain names into the public DNS you do not need a star cert.

I agree that this is a good idea, but I wanted to add that if someone owns a domain already, they can also use that internally without issue.

If you own a domain and use Let’s Encrypt for a star cert, you can have nice, well secured internal applications on your network with trusted certificates.