Rate limit reached based on the error message, but logs say different

It's quite hard to determine this, because your site has so many certificates issued, crt.sh and similar sites have trouble showing all of the certs.

I think what is happening here is that you're reaching the 50 certificates per domain per week limit. The domain cloudera.site is currently listed in the public suffix list as *.cloudera.site, which means any subdomain of cloudera.site is viewed as if it was a public suffix. However, before 1 September 2021 it was listed just as cloudera.site, i.e., without the wildcard!

This recent update has just been implemented into Boulder, the software for Let's Encrypt, yesterday in this update: Upgrade dependency weppos/publicsuffix-go (#5769) · letsencrypt/boulder@9d07942 · GitHub

So until this change is live in production, all subdomains of cloudera.site will be limited by the 50 certs per week per domain rate limit. When this update is actually live, this rate limit will be shifted towards sub-subdomains. I.e., you can have 50 certs per week for foo.cloudera.site and also 50 certs per week for bar.cloudera.site. I think Boulder updates go live once every two weeks? Not sure about that though. In any case, the update is already processed, so the only thing you can do now is wait.

3 Likes
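The per-domain limit discussed in this thread is counted against the registered domain (public suffix plus one label), so the Public Suffix List entry decides which names share a counter. The following is an added example, not code from the post or from Boulder: a minimal suffix matcher (plain and `*.` wildcard rules only, no `!` exception rules) run over constructed hostnames with the two forms of the cloudera.site entry named above.

```go
package main

import (
	"fmt"
	"strings"
)

// registeredDomain returns the public suffix plus one label (eTLD+1) for name,
// using a minimal Public Suffix List matcher: plain and "*." wildcard rules
// only, no "!" exception rules. It returns "" when name is itself a suffix.
func registeredDomain(rules []string, name string) string {
	labels := strings.Split(strings.ToLower(strings.TrimSuffix(name, ".")), ".")
	suffixLen := 1 // PSL default rule "*": the last label alone is a suffix
	for _, rule := range rules {
		rl := strings.Split(rule, ".")
		if len(rl) > len(labels) || len(rl) <= suffixLen {
			continue // rule cannot match, or is not longer than the current best
		}
		off := len(labels) - len(rl)
		match := true
		for i, l := range rl {
			if l != "*" && l != labels[off+i] {
				match = false
				break
			}
		}
		if match {
			suffixLen = len(rl) // the matching rule with the most labels prevails
		}
	}
	if len(labels) <= suffixLen {
		return ""
	}
	return strings.Join(labels[len(labels)-suffixLen-1:], ".")
}

// buckets counts how many of the names fall under each registered domain,
// i.e. how many separate per-domain counters the names are spread over.
func buckets(rules, names []string) map[string]int {
	out := map[string]int{}
	for _, n := range names {
		out[registeredDomain(rules, n)]++
	}
	return out
}

func main() {
	names := []string{"a.foo.cloudera.site", "b.foo.cloudera.site", "c.bar.cloudera.site"} // constructed
	fmt.Println(buckets([]string{"site", "cloudera.site"}, names))   // entry without wildcard
	fmt.Println(buckets([]string{"site", "*.cloudera.site"}, names)) // entry with wildcard
}
```

Which of the two rule sets a CA applies at a given moment depends on the list version compiled into its software, which is why a list change only takes effect after a deploy.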