I suspect you were having this issue with a wildcard cert because it matches exactly what i was seeing - I have put my solution here Wildcard Failing dns-01 Acme Challenge - it is just a matter of having things in the correct order. I’d be interested if that is how your cert setup ended up because I don’ think the contact had anything to do with it