Dynamic long subdomains with Let's Encrypt


I'm currently using Traefik v2 in my Kubernetes cluster. I use it to route traffic to each pod and to manage HTTPS certificates using Let's Encrypt.

I have a root domain, domain.dev, that points to the web and websecure endpoints.
When a new service is deployed, it is available at the following URL: <SERVICE>.<BRANCH>.<PROJECT>.domain.dev.

Currently I'm using the following IngressRoute for each service:

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: <SERVICE>  # placeholder resource name
spec:
  entryPoints:
    - websecure
  routes:
    - kind: Rule
      match: Host(`<SERVICE>.<BRANCH>.<PROJECT>.domain.dev`)
      services:
        - name: <SERVICE>
          port: 80
  tls:
    certResolver: le

This worked fine until I used very long names for <SERVICE>, <BRANCH> and <PROJECT>, at which point I got the following error:

time="2020-06-04T00:00:00Z" level=error msg="Unable to obtain ACME certificate for domains \"branch-xxxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxxx.project-xxxxxxxxx.domain.dev\": unable to generate a certificate for the domains [branch-xxxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxxx.project-xxxxxxxxx.domain.dev]: error: one or more domains had a problem:\n[branch-xxxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxxx.project-xxxxxxxxx.domain.dev] acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/finalize/12345678/1234567890 :: urn:ietf:params:acme:error:badCSR :: Error finalizing order :: CN was longer than 64 bytes, url: \n" providerName=le.acme rule="Host(`branch-xxxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxxx.project-xxxxxxxxx.domain.dev`)" routerName=service-branch-project@kubernetescrd

I've replaced the real names with xxx, but the length was not modified.

Multiple SERVICEs might be defined on the same BRANCH-PROJECT, and multiple BRANCHes might be defined on the same PROJECT as well. Everything is done dynamically based on a Git repo.

How could I set up my Traefik to issue certificates for each service without running into issues such as a CN that is too long, or maybe rate limits, etc.?

Thanks very much in advance,
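
The length limit behind the error above can be checked when the host names are generated, before any ACME order is placed. The following is an added example, not part of the original post: the function names and the sample deployments are assumptions, names are assumed to be ASCII, and the DNS label and name limits go beyond the single CN limit quoted in the log.

```python
# Added example: pre-flight length check for generated host names.
# Function names and the sample deployments are assumptions, not from the post.

CN_MAX_BYTES = 64     # limit reported in the badCSR error
LABEL_MAX_BYTES = 63  # DNS limit for one label (RFC 1035)
NAME_MAX_BYTES = 253  # DNS limit for a full name in text form
ROOT_DOMAIN = "domain.dev"  # root domain used in the post

# Host name copied from the error message in the post.
LOG_HOST = "branch-xxxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxxx.project-xxxxxxxxx.domain.dev"


def build_host(service, branch, project, root=ROOT_DOMAIN):
    """Assemble <SERVICE>.<BRANCH>.<PROJECT>.<root>, lower-cased."""
    return ".".join((service, branch, project, root)).lower()


def check_host(host):
    """Return the list of length problems for host; empty means it fits."""
    problems = []
    size = len(host.encode("utf-8"))
    if size > CN_MAX_BYTES:
        problems.append(f"CN: {size} bytes, limit is {CN_MAX_BYTES}")
    if size > NAME_MAX_BYTES:
        problems.append(f"name: {size} bytes, limit is {NAME_MAX_BYTES}")
    for label in host.split("."):
        n = len(label.encode("utf-8"))
        if n == 0:
            problems.append("label: empty label")
        elif n > LABEL_MAX_BYTES:
            problems.append(f"label: {label[:16]}... is {n} bytes, limit is {LABEL_MAX_BYTES}")
    return problems


def audit(deployments):
    """Map each failing host to its problems for (service, branch, project) tuples."""
    report = {}
    for service, branch, project in deployments:
        host = build_host(service, branch, project)
        problems = check_host(host)
        if problems:
            report[host] = problems
    return report


if __name__ == "__main__":
    constructed = [("api", "main", "shop"),  # constructed sample deployments
                   ("api", "feature-very-long-branch-name-for-a-ticket", "project-storefront-v2")]
    print(check_host(LOG_HOST))
    for host, problems in audit(constructed).items():
        print(host, problems)
```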