Letsencrypt. Challenges pending with one of three domains

5/12/2021

I recently added a new domain (managed in AWS Route 53) to my portfolio. Now I am using a Kubernetes cluster and the cert manager to manage my certificates with letsencrypt. Basically this is my setup:

  • Cert Manager installed in namespace cluster-manager (as described in cert manager documentation with helm)
  • ClusterIssuer using an http01 -> ingress -> nginx solver
  • Ingress with my currently 3 hosts

Now my problem is that for one of the 3 domains my order with letsencrypt is stuck in pending. Describing the order gives me the following output:

#...
Challenges:
      Token:        my-token
      Type:         http-01
      URL:          https://acme-v02.api.letsencrypt.org/acme/chall-v3/xxxx/yyyy
      Token:        my-token
      Type:         dns-01
      URL:          https://acme-v02.api.letsencrypt.org/acme/chall-v3/xxxx/yyyy
      Token:        my-token
      Type:         tls-alpn-01
      URL:          https://acme-v02.api.letsencrypt.org/acme/chall-v3/xxxx/yyyy
    Identifier:     my-domain.com
    Initial State:  pending
    URL:            https://acme-v02.api.letsencrypt.org/acme/authz-v3/xxxx
    Wildcard:       false

My already present domains both are presented with initial state valid, and if I remove the new domain, certificates are issued as expected.

After a lot of digging I have now run out of ideas as to what the problem could be.

  • my-host:80/.well-known/acme-challence/my-token is reachable
  • I disabled SSL redirect to exclude a permanent redirect as the problem
  • all three cert manager pods are running as expected

I didn't want to post all yaml files and logs as this would make this question explode but I'd be more than happy to update the answer with information that might be helpful.

-- relief.melone
cert-manager
kubernetes
ssl

0 Answers