Cert-manager http-01 challenge failing

I'm attempting to use an ingressroute with a certificate from cert-manager, requested through an HTTP-01 challenge.

However, cert-manager is unable to complete the challenge. Traefik does not return keys when requesting /.well-known/acme-challenge/<key>, it instead just passes the request along to the service of the ingressroute.
This might seem like a cert-manager issue, but as cert-manager itself works and traefik is not allowing cert-manager to "intercept" the /.well-known/ requests, I feel like I'm misconfiguring something on the traefik side of things.

What am I doing wrong?

Relevant cert-manager logs:

"msg"="propagation check failed" "error"="did not get expected response when querying endpoint, expected \"<key>\" but got: Hostname: whoami-5f5c8f8... (truncated)" "dnsName"="domain.tld" "resource_kind"="Challenge" "resource_name"="domain.tld-fp6zf-278830947-122497719" "resource_namespace"="default" "resource_version"="v1" "type"="HTTP-01" 

Ingressroute:

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: wordpress-ingressroute
  namespace: kube-system
  annotations: 
    kubernetes.io/ingress.class: traefik-ingress
spec:
  entryPoints:
    - websecure #port 443
    - web #port 80
  routes:
    - match: Host(`domain.tld`) || Host(`www.domain.tld`)
      kind: Rule
      services:
        - name: whoami
          port: 80
          namespace: default

Certificate:

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: domain.tld
  namespace: default
spec:
  dnsNames:
    - 'odmain.tld'
    - 'www.domain.tld'
  secretName: domain.tld
  issuerRef:
    name: http-challenge
    kind: ClusterIssuer

ClusterIssuer:

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: http-challenge
spec:
  acme:
    email: letsencrypt@email.tld
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: http-challenge-private-key
    solvers:
    - http01:
        ingress:
          class: traefik-ingress
      selector: {}