Cannot create ClusterIssuer - kubernetes on premise

Hi all,

Cluster information:

Kubernetes version: v1.26.2
Cloud being used: bare-metal
Installation method: kubeadm init --v=5 --control-plane-endpoint --cri-socket unix:///var/run/crio/crio.sock
Host OS: Ubuntu latest
CNI and version: Calio latest
CRI and version: 1.26.1

I installed MetalLB successfully , ip address pool
I installed ingress-nginx successfully

kubectl get all -n ingress-nginx1
NAME                                             READY   STATUS    RESTARTS   AGE
pod/ingress-nginx1-controller-6475c75984-r9mmq   1/1     Running   0          94m

NAME                                          TYPE           CLUSTER-IP      EXTERNAL-IP     PORT(S)                      AGE
service/ingress-nginx1-controller             LoadBalancer   80:30236/TCP,443:31661/TCP   94m
service/ingress-nginx1-controller-admission   ClusterIP   <none>          443/TCP                      94m

NAME                                        READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/ingress-nginx1-controller   1/1     1            1           94m

NAME                                                   DESIRED   CURRENT   READY   AGE
replicaset.apps/ingress-nginx1-controller-6475c75984   1         1         1       94m

I installed cert-manager v1.11.0 successfully

kubectl get all -n cert-manager
NAME                                          READY   STATUS    RESTARTS   AGE
pod/cert-manager-6ffb79dfdb-khh5c             1/1     Running   0          52m
pod/cert-manager-cainjector-5fcd49c96-fh9tj   1/1     Running   0          52m
pod/cert-manager-webhook-796ff7697b-9gp2d     1/1     Running   0          52m

NAME                           TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
service/cert-manager           ClusterIP   <none>        9402/TCP   52m
service/cert-manager-webhook   ClusterIP     <none>        443/TCP    52m

NAME                                      READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/cert-manager              1/1     1            1           52m
deployment.apps/cert-manager-cainjector   1/1     1            1           52m
deployment.apps/cert-manager-webhook      1/1     1            1           52m

NAME                                                DESIRED   CURRENT   READY   AGE
replicaset.apps/cert-manager-6ffb79dfdb             1         1         1       52m
replicaset.apps/cert-manager-cainjector-5fcd49c96   1         1         1       52m
replicaset.apps/cert-manager-webhook-796ff7697b     1         1         1       52m

I tried to install a ClusterIssuer

kind: ClusterIssuer
  name: letsencrypt-production
  namespace: cert-manager
      name: letsencrypt-production
    - http01:
          class: nginx

and get error

kubectl apply -f issuer-letsencrypt-production.yaml
Error from server (InternalError): error when creating "issuer-letsencrypt-production.yaml": Internal error occurred: failed calling webhook "": failed to call webhook: Post "https://cert-manager-webhook.cert-manager.svc:443/mutate?timeout=10s": dial tcp connect: no route to host

How can I fix it ? Please give me some advice, thank you very much.

I reinstalled cluster with docker CRI docker and Mirantis cri-dockerd as shim , CNI Flannel and it works now.