Wildcard certificate with letsencrypt - Waiting for DNS record propagation

I have followed various posts in various places to set up a basic traefik v2 installation on docker and am trying to get it to generate a wildcard certificate. It never seems to get past
time="2020-01-02T20:52:12Z" level=debug msg="legolog: [INFO] [*.my.domain] acme: Waiting for DNS record propagation."
This is despite the txt record being available on at least one of the specified resolvers. I'm using Dreamhost for my DNS challenge setup and the letsencrypt staging server.

Can anyone see where I'm going wrong?
Any help would be much appreciated! Thank you!

Here is my docker-compose.yml:

version: '3'

services:
  reverse-proxy:
    image: traefik:v2.1.1
    container_name: traefik
    restart: unless-stopped
    networks:
      - proxy
    ports:
      - 80:80
      - 443:443
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./data/traefik.toml:/traefik.toml:ro
      - ./data/rules:/rules:ro
      - ./data/acme.json:/acme.json
      - ./data/secrets:/run/secrets:ro
      - ./logs:/var/log
    environment:
            DREAMHOST_API_KEY_FILE: /run/secrets/dreamhost_api_key
    labels:
      - "traefik.enable=true"

      # global redirect to https
      - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
      - "traefik.http.routers.http-catchall.entrypoints=web"
      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"

      # global wildcard certificates
      - "traefik.http.routers.wildcard-certs.tls.certresolver=letsencrypt"
      - "traefik.http.routers.wildcard-certs.tls.domains[0].main=my.domain"
      - "traefik.http.routers.wildcard-certs.tls.domains[0].sans=*.my.domain"

      # dashboard
      - "traefik.http.routers.traefik.rule=Host(`traefik.my.domain`)"
      - "traefik.http.routers.traefik.tls=true"
      - "traefik.http.routers.traefik.entrypoints=websecure"
      - "traefik.http.routers.traefik.service=api@internal"
      - "traefik.http.routers.traefik.middlewares=authtraefik"
      - "traefik.http.middlewares.authtraefik.basicauth.usersfile=/run/secrets/htpasswd"


  whoami:
    image: "containous/whoami"
    container_name: "whoami"
    networks:
      - proxy
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.whoami.rule=Host(`whoami.my.domain`)"
      - "traefik.http.routers.whoami.tls=true"
      - "traefik.http.routers.whoami.entrypoints=websecure"

networks:
  proxy:
    external: true

And my traefik.toml:

[global]
  checkNewVersion = true
  sendAnonymousUsage = false
[entryPoints]
  [entryPoints.web]
    address = ":80"

  [entryPoints.websecure]
    address = ":443"

[log]
  level = "DEBUG"
  filePath = "/var/log/traefik.log"

[accessLog]
  filePath = "/var/log/access.log"

[api]

[ping]

[providers.docker]
  network = "proxy"

[certificatesResolvers.letsencrypt.acme]
  email = "my@email"
  storage = "acme.json"
  caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
  [certificatesResolvers.letsencrypt.acme.dnsChallenge]
    provider = "dreamhost"
    resolvers = ["208.97.182.10:53", "66.33.205.230:53", "1.1.1.1:53", "8.8.8.8:53"]

Here is the DNS lookup result:

$ dig @208.97.182.10 -t txt _acme-challenge.my.domain

; <<>> DiG 9.11.5-P4-5.1-Raspbian <<>> @208.97.182.10 -t txt _acme-challenge.my.domain
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43550
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;_acme-challenge.my.domain. IN	TXT

;; ANSWER SECTION:
_acme-challenge.my.domain. 14400	IN TXT	"random-string-here"

;; Query time: 84 msec
;; SERVER: 208.97.182.10#53(208.97.182.10)
;; WHEN: Thu Jan 02 21:06:25 GMT 2020
;; MSG SIZE  rcvd: 106

After posting this it has eventually worked, not sure why it took so long. Does it have to propagate to all the DNS resolvers listed or just one perhaps?