I'm trying to create a wildcard certificate via cert-manager on kubernetes and this is what I get when I run kubectl describe challenges
Status:
Presented: true
Processing: true
Reason: Waiting for DNS-01 challenge propagation: DNS record for "zencluster.org" not yet propagated
State: pending
That should get you the serial number being output by "ns-2" (though you might need to play with the $7 value). Compare that against your master server and ensure they're all in sync.