I don't think that Plesk for ipanda is the DNS either. It shows an A record for ipv4.ipanda.help but there is not one in the public DNS. Try dig for that domain name and you'll see for yourself.
The ipanda cert (link here) was just for the apex and www domain. It is not a wildcard cert so would not require a DNS Challenge. Maybe you used an HTTP Challenge for it? Maybe just try just the apex and www domain names for dream too instead of a wildcard?
Or, there is some other config that connects Plesk to your ionos DNS provider (as mentioned by _az earlier)
We can help diagnose this but your hosting provider is in best position to know how Plesk on their system should work. After all, they set it up.
Thank you all for your time and support, with all your guidance I was able to narrow it down.
I finally been able to successfully submit the letsencrypt ticket.
Plesk is adding the needed DNS records to its own manager, but the website doesn´t resolve to the plesk entries, instead it resolves to the entries inside my domain provider, which is in my case IONOS.
There are ways to change the nameservers so it´s using the Plesk DNS, but I couldn´t figure it out for now.
So I just added the needed DNS Record inside the IONOS DNS manager of my page, after I ordered a new letsencrypt ticket and this time it worked.
I used www.whatsmydns.net to check the propagation of my entries. I didn´t knew that the "_acme-challenge" entry wont show up there, even if it´s there, so this was also another thing. I used a "txt" entry with "test" as the value, to see if the propagation was already working and then I resolved the issued letsencrypt ticket.
Thanks again, without you, I couldn't have wrapped my head around this issue.
May this thread be helpful for everyone having the same confusion about the inner workings, between plesk and the providers.
That is a very unnecessary workaround.
But I'm glad it is able to get you the cert you need.
That DNS provider needs to understand that they are no longer authoritative for that zone.
Once they remove it, they will default to global DNS, which will return the current authoritative servers.