Why can’t certbot auto renew wildcard SSL certs without a DNS plugin?

0

1

When I run certbot renew, I get the following error.

An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.

According to the docs, to auto renew wildcard certs, we need to use a DNS plugin.

My question is why? Why can’t certbot reuse the txt records created during the initial setup? Wouldn't this be enough to validate ownership?

Trying to understand how wildcard certs work.

sunknudsen

Posted 2020-02-01T13:53:01.433

Reputation: 269

Answers

2

Validation policy depends on the certificate issuer (LE), not on Certbot.

With Let's Encrypt, domain validation is not permanent – if it has been more than 30 days, then ownership of the domain needs to be revalidated even if you're renewing the same certificate using the same account.

Each new validation process will use a new challenge, specifically to avoid the same DNS records from being reused forever – the point of domain validation is to prove that you're still under its control right now.

See this thread for more information: https://community.letsencrypt.org/t/will-renewal-always-require-new-dns-acme-challenge-txt/102820/2

user1686

Posted 2020-02-01T13:53:01.433

Reputation: 283 655

Thanks. Very thorough answer! – sunknudsen – 2020-02-01T18:58:21.163

1

Looking just at how this practically works, giving a new challenge with each issuance (whether a renewal or not) is policy by Let's Encrypt to ensure that the domain owner's consent is actually current.

While Let's Encrypt can only offer domain-validated certs, their take on domain-validation appears more robust in some areas than many of the traditional CAs (who sell domain-validated certs).
I think this is probably a result of a combination of ideals (LE doesn't make money from selling more certs anyway, so I suppose they can afford having ideals), but also a matter of showing that they are really serious about validation in order to first of all get accepted and then to also stay in the trusted root stores of all the major OS/browser vendors.

That said, the whole foundation of Let's Encrypt (and ACME-based certificate issuance in general) is automation. Used as intended, there's no real difference between the initial issuance and the renewal.
The whole idea is that if you use e.g. certbot, then you specify the DNS plugin relevant to you and the plugin config as necessary already when you first request a new cert. certbot stores all the parameters for the cert that was issued, and then you can automatically renew as many times as you like without any additional manual work.

Regarding the DNS plugins specifically, they have the rfc2136 plugin (standard DNS dynamic updates) which covers typical DNS servers you would run yourself (e.g. BIND, PowerDNS, Knot, etc.) as well as plugins for the APIs of many of the major DNS service providers.
If any of these are what you use, it should be straightforward.

Håkan Lindqvist

Posted 2020-02-01T13:53:01.433

Reputation: 916
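One way to supply the hook that the error message in the question asks for, as an added example (not code from the question or either answer): a POSIX sh `--manual-auth-hook` that publishes the DNS-01 TXT record through RFC 2136 dynamic updates with `nsupdate`, the same mechanism the rfc2136 plugin wraps. `CERTBOT_DOMAIN` and `CERTBOT_VALIDATION` are the environment variables certbot sets for manual hooks; the DNS server name and TSIG key path are assumed placeholders.

```shell
#!/bin/sh
# Added example: certbot --manual-auth-hook using RFC 2136 dynamic updates.
# certbot exports CERTBOT_DOMAIN and CERTBOT_VALIDATION before running the hook.
# The server name and TSIG key file below are assumed placeholders.
set -eu

# Build the nsupdate batch for one validation. A wildcard is requested as
# "*.example.com", but the challenge record always lives at
# _acme-challenge.<base domain>, so the leading "*." is stripped.
build_nsupdate_batch() {
    domain="$1"       # CERTBOT_DOMAIN, e.g. "*.example.com" or "example.com"
    validation="$2"   # CERTBOT_VALIDATION, the value LE expects in the TXT record
    server="$3"       # primary server that accepts TSIG-signed dynamic updates
    base="${domain#"*."}"
    printf 'server %s\n' "$server"
    # Only add, never delete here: a cert covering both example.com and
    # *.example.com gets two challenges at the same name, and both records
    # must coexist until validation is done. Removal belongs in
    # --manual-cleanup-hook.
    printf 'update add _acme-challenge.%s. 60 IN TXT "%s"\n' "$base" "$validation"
    printf 'send\n'
}

# Entry point used by certbot.
main() {
    : "${CERTBOT_DOMAIN:?set by certbot}"
    : "${CERTBOT_VALIDATION:?set by certbot}"
    DNS_SERVER="${DNS_SERVER:-ns1.example.net}"               # assumed placeholder
    TSIG_KEY_FILE="${TSIG_KEY_FILE:-/etc/certbot/tsig.key}"   # assumed placeholder
    build_nsupdate_batch "$CERTBOT_DOMAIN" "$CERTBOT_VALIDATION" "$DNS_SERVER" \
        | nsupdate -k "$TSIG_KEY_FILE"
    # Give secondaries time to transfer the zone before LE queries them.
    sleep 30
}

# Run only when invoked by certbot (the variable is absent when sourced or tested).
if [ -n "${CERTBOT_DOMAIN:-}" ]; then
    main "$@"
fi
```

Point certbot at it with `--manual --preferred-challenges dns --manual-auth-hook /path/to/this-script.sh`; certbot records the hook in the renewal config, so later `certbot renew` runs publish the fresh token without interaction.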