With this when I visit https://{{ my_domain }} I expect to have the connexion secured using a certificate generated for {{ my_domain }}, untrusted because it comes from lets encrypt staging server.
Though when I display the certificate being used I can see Traefik's default cert.
First I'd recommend checking with the tool https://letsdebug.net/ using TLS-ALPN-01 to make sure there are not issues connecting to the container from letsencrypt.
Add --log.level=DEDUG to traefik and see if anything interesting turns up.
From my (very)limited knowledge on k8s configuration looks okay from the snippets you've provided.