No valid certificates for cert-manager in k8s. Pending order

For some reason, my certificates cannot be applied to my k8s cluster. I can see that general traffic flow is running, ie. using HTTP my site is up and running.

I’m using: Kubernetes 1.22 cert-manager 1.6.1

My ingress file looks like this:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: web
  namespace: web
  annotations:
    cert-manager.io/cluster-issuer: "letsencrypt-production"
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
    nginx.org/websocket-services: web
    nginx.ingress.kubernetes.io/websocket-services: web
    nginx.ingress.kubernetes.io/proxy-send-timeout: "1800"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "1800"
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - some.example.com
      secretName: example-tls
  rules:
    - host: some.example.com
      http:
        paths:
          - pathType: Prefix
            path: /
            backend:
              service:
                name: web
                port:
                  number: 80

Clusterissuer (letsencrypt-production) file is:

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-production
spec:
  acme:
    email: services@chimeraprime.com
    privateKeySecretRef:
      name: letsencrypt-production
    server: https://acme-v02.api.letsencrypt.org/directory
    solvers:
    - http01:
        ingress:
          class: nginx
status:
  acme:
    lastRegisteredEmail: email@mycompany.com
    uri: https://acme-v02.api.letsencrypt.org/acme/acct/355122560
  conditions:
  - lastTransitionTime: "2022-01-08T17:45:55Z"
    message: The ACME account was registered with the ACME server
    observedGeneration: 1
    reason: ACMEAccountRegistered
    status: "True"
    type: Ready

Order is in pending state. Below the info from kubectl describe & kubernetes certifications:

Name:         web-web-tls-h4pn7-1463892238
Namespace:    web
Labels:       <none>
Annotations:  cert-manager.io/certificate-name: web-web-tls
              cert-manager.io/certificate-revision: 1
              cert-manager.io/private-key-secret-name: web-web-tls-pnrb9
API Version:  acme.cert-manager.io/v1
Kind:         Order
Metadata:
  Creation Timestamp:  2022-01-10T21:20:47Z
  Generation:          1
    Manager:      controller
    Operation:    Update
    Time:         2022-01-10T21:20:47Z
    API Version:  acme.cert-manager.io/v1
    Fields Type:  FieldsV1
    fieldsV1:
      f:status:
        .:
        f:authorizations:
        f:finalizeURL:
        f:state:
        f:url:
    Manager:      controller
    Operation:    Update
    Subresource:  status
    Time:         2022-01-10T21:20:47Z
  Owner References:
    API Version:           cert-manager.io/v1
    Block Owner Deletion:  true
    Controller:            true
    Kind:                  CertificateRequest
    Name:                  web-web-tls-h4pn7
    UID:                   356d2130-bb03-4cba-a751-cff5904b331c
  Resource Version:        32432743
  UID:                     7ae44312-9565-4656-bc71-6a921f8d899f
Spec:
  Dns Names:
    some.example.com
  Issuer Ref:
    Group:  cert-manager.io
    Kind:   ClusterIssuer
    Name:   letsencrypt-production
  Request:  LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJQ2d6Q0NBV3NDQVFBd0FEQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQU9CYwppZGVwS3dibkpQQWJhbnB0M0o4ZXZINisxcmd4N2JPbjdkQm1nR0k1L2QzOFpqVEFuWFRuNkg0QmJyNWxzTWxmCjZpT1MxT1EyWExORFh2Zlc5eENLbmdUbVB2aFdTVTZVMHppSE11bm95RDFIU2JaK3VlZXR3U1VrdDZYaGhCVXUKOC92L1FvU04zQm9OaHNqWjdMSThDMUt5RVU2K1d0TGt6RGNWbHZHdG4wSTNsVXhhTE9tYUEvRGtxYUdEcENMZQpKZmFoS1l4QmdiK004TndrVzVPc3F0T1QydWFMRzBmTVBMWDdJNTlMQXgwSnNsOHg3VzlNZTFZemdYVE5GcTZsCkM1dURpM2x5Z2xZNXdSZTExU1ZBdWpwV2FUWU1pQnl5T1Vway8vRmhIOG43U1B1c2FDaXRTdUV3S0VBU1FDVVIKY1h5T3FnUXUwNkIwT1BCaVBDOENBd0VBQWFBK01Ed0dDU3FHU0liM0RRRUpEakV2TUMwd0hnWURWUjBSQkJjdwpGWUlUWm1sdWEyNHVZMmhwYldWeVlYQnlhUzV0WlRBTEJnTlZIUThFQkFNQ0JhQXdEUVlKS29aSWh2Y05BUUVMCkJRQURnZ0VCQU5ON2VReTd0ZDgySWZoNUJuODBjRGFMcEN5WU9tSjd4RzlQUHJEaEl2RTlLTS8zdzN0WXJFem4KRXIraFczSU15WnY4MnhpYzRhbnFYclBIdEpzcjd4M3ZxVktNcVM5QUhmbGhMVGV4VUhCL0lRTWtkVG5tM3JaOAp3QUpmQUVBY21FU2hQNVpmYWJ3NEJZcWluc2U3Vk5KVWY2Sm94M1dKTGdsUnJSVlJrRVJ5SkR6Vy9oTWEzL085CjZGWkh1eTFGUENQUGRpM0lkZ2wwT0E4ek5yU0IyelloRWp5Q0hId3FPSEFDOEMxeU1vamJQeG5xeThEMlovVlAKWjd6dWlzTHZwU1lzWVdEYldnd3NwTmFHQ09ZM01QZmxtUDFJdzBGOEtlN3BIek1uaHRNUGFwUTV3QWw0SklCOQpJOVpObXBWam5HRXIra3VIYjFWWGhNTGRJcjhyUEZVPQotLS0tLUVORCBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KK
Status:
  Authorizations:
    Challenges:
      Token:        MA2X6cC5s4KehiEhNPANFDAEgjzHTgDlh5JVjvqjJ8U
      Type:         http-01
      URL:          https://acme-v02.api.letsencrypt.org/acme/chall-v3/66966354360/HF2Iag
      Token:        MA2X6cC5s4KehiEhNPANFDAEgjzHTgDlh5JVjvqjJ8U
      Type:         dns-01
      URL:          https://acme-v02.api.letsencrypt.org/acme/chall-v3/66966354360/sifuZA
      Token:        MA2X6cC5s4KehiEhNPANFDAEgjzHTgDlh5JVjvqjJ8U
      Type:         tls-alpn-01
      URL:          https://acme-v02.api.letsencrypt.org/acme/chall-v3/66966354360/NuJ8Yw
    Identifier:     some.example.com
    Initial State:  pending
    URL:            https://acme-v02.api.letsencrypt.org/acme/authz-v3/66966354360
    Wildcard:       false
  Finalize URL:     https://acme-v02.api.letsencrypt.org/acme/finalize/355122560/54310290910
  State:            pending
  URL:              https://acme-v02.api.letsencrypt.org/acme/order/355122560/54310290910
Events:
  Type    Reason   Age   From          Message
  ----    ------   ----  ----          -------
  Normal  Created  29m   cert-manager  Created Challenge resource "web-web-tls-h4pn7-1463892238-998650753" for domain "finkn.chimerapri.me"

Created challenge has no state:

Name:         web-web-tls-h4pn7-1463892238-998650753
Namespace:    web
Labels:       <none>
Annotations:  <none>
API Version:  acme.cert-manager.io/v1
Kind:         Challenge
Metadata:
  Creation Timestamp:  2022-01-10T21:20:47Z
  Finalizers:
    finalizer.acme.cert-manager.io
  Generation:  1
    Manager:    controller
    Operation:  Update
    Time:       2022-01-10T21:20:47Z
  Owner References:
    API Version:           acme.cert-manager.io/v1
    Block Owner Deletion:  true
    Controller:            true
    Kind:                  Order
    Name:                  web-web-tls-h4pn7-1463892238
    UID:                   7ae44312-9565-4656-bc71-6a921f8d899g
  Resource Version:        32432749
  UID:                     559a5ce8-d181-423a-9706-6e7532c433ef
Spec:
  Authorization URL:  https://acme-v02.api.letsencrypt.org/acme/authz-v3/66966354360
  Dns Name:           some.example.com
  Issuer Ref:
    Group:  cert-manager.io
    Kind:   ClusterIssuer
    Name:   letsencrypt-production
  Key:      MA2X6cC5s4KehiEhNPANFDAEgjzHTgDlh5JVjvqjJ8U.ZeoVv0hyPHZ3wO-p2vQVZWEvuU3Ti8DQSsrUIGlwP1d
  Solver:
    http01:
      Ingress:
        Class:  nginx
  Token:        MA2X6cC5s4KehiEhNPANFDAEgjzHTgDlh5JVjvqjJ8W
  Type:         HTTP-01
  URL:          https://acme-v02.api.letsencrypt.org/acme/chall-v3/66966354360/HF2Iag
  Wildcard:     false
Events:         <none>

What am I missing here, I’ve recently upgraded cert-manager from 1.0.1 to 1.6.1 and from then on I’m seeing this kind of issues.