You might not aware that if a given zone is using dynamic updates, then you can not edit it manually anymore (and that’s the rewrite part is all about). That’s why I never went the nsupdate way, too complicated.
I am using dns-01 myself as well but I generate the zone file myself from a set of files with a specific LE one that gets modified for the acme challenge.
dns-01 as an auth method for LE is not the faint of heart, you might want to use another one 