The problem was a default certificate.
The default certificate contained a wildcard domain which the subdomain used.
I restarted traefik WITHOUT the default certificate, received my acme certificate properly, then started traefik again WITH the certificate.
tls:
stores:
default:
defaultCertificate:
certFile: /certificate.crt
keyFile: /private.key