It's also possible to add a CNAME for _acme-challenge pointing to a hostname with a different domain which is hosted on a DNS provider with easy automation (e.g. acme-dns) or even an NS record pointing e.g. to Cloudflare. You'd need to add your domain to Cloudflare too, but wouldn't necessarily switch entirely. Just add the domain to Cloudflare, authenticate it somehow (dunno what CF requires for that exactly) and not use Cloudflares nameservers for the entire domain (i.e.: don't add the CF nameservers to the "upstream" TLD nameservers), but only use the CF nameservers for the _acme-challenge subdomain in NS records.
That said, if Oracle Cloud doesn't offer any automated way to update the certificate, the entire process wouldn't be automatable anyway..