Sadly most tools still doesn't support it: https://github.com/cert-manager/cert-manager/issues/8373#iss...

And then the issue is protecting the private key of the issuer and monitoring certificates (it's a good idea to do that anyway).