It's a good thought, but no, that failure mode is not possible. When requesting a wildcard cert, we know that DNS-01 is the only acceptable validation method ahead of time. If there are any cached validations which used other methods, those are not deemed acceptable and are not attached to the new order. So switching from non-wildcard to wildcard can't trigger this failure mode.
5 Likes