This didn’t work in my case - I ended up going with setting the renewBefore
field in the certificate spec to a value that would cause a certificate renewal:
kubectl -n <namespace> patch certificate example-certificate --type=merge -p '{"spec":{"renewBefore":"2159h00m00s"}}'
Just be sure to remove it after the cert renews, otherwise you’ll rate limit yourself.
kubectl -n <namespace> patch certificate example-certificate --type=json -p='[{"op": "remove", "path": "/spec/renewBefore"}]'