We find the certificates of some of our large customers don't get refreshed.
These customers have relevant famous domain names, like "zjaasd.zappos.com". We know in some cases Let's Encrypt will refuse to sign certificates for some famous websites, like google.com or AWS EC2 domain names.
We are wondering whether what we are hitting is the same case. However, we could use Let's Encrypt to sign certificates for these websites initially, but failed to renew the certificates.
If it's due to the specific blocking that you're talking about, the error message would say something like "blocked by policy". I don't see in your post what error you're getting when you try. I'm not familiar with your ACME client, and I know some of them make actually showing you the error much more complicated than it should be, but hopefully somewhere there's a log that tells you the actual response from Let's Encrypt, which might help shed light on what problem you're running into.
I'm sincerely curious: you're asking for help, but the only information you're providing is that the domains are "affected by another issue". How do you expect us to advise you with so little information? Note that this is a community of mostly volunteers. We cannot check Let's Encrypt log files or anything. We rely on the information provided by the people seeking help.
Let me explain a little bit more on 'another issue'. We are using microk8s inside EC2 instances. We don't enable the auto renewal of microk8s service certificates. So once the service certificates expire, kubectl cannot talk with the microk8s service. I suspect this may also cause cert-manager to not function properly. However, I don't have direct evidence to prove it.
I believe this question is out of the scope of the Let's Encrypt community. It is more like a question for the cert-manager community. From my personal understanding, it will cause impact, since cert-manager can't create the ACME resolver without the connection to the k8s apiserver.
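A small triage helper, added here as an example and not code posted by anyone in this thread: it buckets the `status.reason` of cert-manager Order/Challenge objects (a constructed sample below) so that a "forbidden by policy" refusal from the CA, the case mentioned earlier, is told apart from cluster-side validation failures, and it computes days left from an `openssl x509 -noout -enddate` line so an expired microk8s API server certificate can be ruled in or out. The field names, the reason wording and the substring matching are assumptions.

```python
import json
from datetime import datetime, timezone

# Constructed sample shaped like `kubectl get challenges -A -o json`; not from the thread.
SAMPLE_CHALLENGES = json.dumps({"items": [
    {"metadata": {"namespace": "prod", "name": "shop-tls-1-0"},
     "spec": {"dnsName": "shop.example.com", "type": "HTTP-01"},
     "status": {"state": "errored",
                "reason": "Error creating new order :: Cannot issue for \"shop.example.com\": "
                          "The ACME server refuses to issue a certificate for this domain name, "
                          "because it is forbidden by policy"}},
    {"metadata": {"namespace": "prod", "name": "api-tls-1-0"},
     "spec": {"dnsName": "api.example.com", "type": "HTTP-01"},
     "status": {"state": "pending",
                "reason": "Waiting for HTTP-01 challenge propagation: "
                          "wrong status code '404', expected '200'"}},
]})

def classify_reason(reason: str) -> str:
    """Bucket a cert-manager status.reason string (assumption: substring match on CA wording)."""
    r = reason.lower()
    if "forbidden by policy" in r or "blocked by policy" in r:
        return "policy-block"             # CA refuses the identifier; retrying cannot fix this
    if "rate limit" in r or "too many" in r:
        return "rate-limit"
    if "propagation" in r or "status code" in r or "connection" in r or "timeout" in r:
        return "validation-reachability"  # solver not reachable: usually a cluster/ingress issue
    return "unknown"

def triage(raw_json: str) -> list:
    """Return (namespace/name, dnsName, state, bucket) per item; an empty reason means 'no-error'."""
    out = []
    for item in json.loads(raw_json).get("items", []):
        meta, status = item.get("metadata", {}), item.get("status", {})
        reason = status.get("reason", "")
        bucket = classify_reason(reason) if reason else "no-error"
        out.append((f"{meta.get('namespace')}/{meta.get('name')}",
                    item.get("spec", {}).get("dnsName"), status.get("state"), bucket))
    return out

def days_left(enddate_line: str, now_iso: str = None) -> int:
    """Days until expiry from a line like 'notAfter=Mar 15 10:00:00 2024 GMT' (openssl -enddate);
    negative means already expired. now_iso is an ISO 8601 timestamp, default: current UTC time."""
    stamp = enddate_line.split("=", 1)[1].strip()
    not_after = datetime.strptime(stamp, "%b %d %H:%M:%S %Y %Z").replace(tzinfo=timezone.utc)
    now = datetime.fromisoformat(now_iso) if now_iso else datetime.now(timezone.utc)
    return (not_after - now).days

if __name__ == "__main__":
    for row in triage(SAMPLE_CHALLENGES):
        print(row)
    print(days_left("notAfter=Mar 15 10:00:00 2024 GMT"))
```

On a live cluster, feed it `kubectl get orders,challenges -A -o json` and the output of `openssl s_client -connect <apiserver>:16443 2>/dev/null | openssl x509 -noout -enddate`; a negative day count on the API server certificate is the cluster-side explanation discussed above.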