cert-manager newOrder request does not contain 'kid' field in header, hence no certificate issued

I have a custom ACME server and I would like to issue certificates using the cert-manager in Kubernetes and ACME protocol.

I am using cert-manager version v1.7.0. The account is successfully registered, but when I try to issue a certificate, it is rejected by the server because the JWS Protected Header does not contain the kid field as specified in RFC 8555.

   The "jwk" and "kid" fields are mutually exclusive.  Servers MUST
   reject requests that contain both.

   For newAccount requests, and for revokeCert requests authenticated by
   a certificate key, there MUST be a "jwk" field.  This field MUST
   contain the public key corresponding to the private key used to sign
   the JWS.

   For all other requests, the request is signed using an existing
   account, and there MUST be a "kid" field.  This field MUST contain
   the account URL received by POSTing to the newAccount resource.

The header for the newOrder request contains jwk, but it should contain kid:

{
  "alg": "RS256",
  "jwk": {
    "e": "AQAB",
    "kty": "RSA",
    "n": "5eOrsXP-DTjQ8Ta1lo0kAnN9EbqGjAuRGAtAW8gGSRQJu26DnDls7nB4z5eWkJXeYk6bqATIH5rqE91d1x_13xXynBNytkmKIR3nrP00i3uZdY0hI7aaDrcFjRuk1c8IYfj4mPQUsMtlJDM73aXPublSJt9ZRFVHxFv0jslqovxgYXpXPyenQkt40r1iDpHQC2wzy88Scgzg1HesiNd7gjdGhAtDKUgWfQuyNLskcY55Fhdonx8h-frJ_5S-HCLyeJ67tD7If2Q8oQBCJhuhdk12GIyEA8EoFk7YHYDdwMffyFzgbewlMgQQvaSavWeYEv9Dbw_VtFFiayNWaYxZsw"
  },
  "nonce": "9c34AdVKP7CFoVvE5nKTuu5haR1-H175n-n7BLuaMi0",
  "url": "https://localhost/api/acme/test/new-order"
}

Is there any specific configuration for telling cert-manager to use kid? It should be implemented according to the RFC, so I assume it should do this automatically.

What is interesting is that when I switch to the Let's Encrypt ACME servers, cert-manager includes kid in the newOrder requests instead of jwk.

I am out of ideas...
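The RFC 8555 rule quoted in the question is the check an ACME server applies to every request, so it is worth seeing exactly what is being enforced. The following is an added example and is not cert-manager's code nor the asker's server: a small Python validator for the JWS protected header of an ACME request, applying the jwk/kid exclusivity rule (section 6.2), the "url" match rule (section 6.4) and the per-endpoint requirement. It decides which field is required from the last path segment of the request URL, which is an assumption for this example (a real server maps URLs from its directory). The server base URL, account URL, nonce and the two sample requests are constructed, modelled on the header in the question; signature verification and nonce replay tracking are out of scope.

```python
import base64
import json

# Constructed values for this example (not from the question or any real deployment).
SERVER_BASE = "https://localhost/api/acme/test"
ACCOUNT_URL = SERVER_BASE + "/acct/42"


def b64url_decode(data: str) -> bytes:
    """Decode unpadded base64url, the encoding JWS uses for every segment."""
    return base64.urlsafe_b64decode(data + "=" * (-len(data) % 4))


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_jws(header: dict, payload: dict) -> dict:
    """Build a flattened-JSON JWS with a placeholder signature (constructed test input)."""
    return {
        "protected": b64url_encode(json.dumps(header).encode()),
        "payload": b64url_encode(json.dumps(payload).encode()),
        "signature": b64url_encode(b"placeholder-not-a-real-signature"),
    }


def validate_protected_header(jws: dict, request_url: str) -> tuple:
    """Apply the RFC 8555 section 6.2 / 6.4 header rules to one ACME request.

    Returns (accepted, reason). The endpoint is taken from the last path
    segment of the request URL, an assumption made for this example.
    """
    try:
        header = json.loads(b64url_decode(jws["protected"]))
    except (KeyError, ValueError):
        return False, "malformed: protected header is not valid base64url JSON"

    has_jwk, has_kid = "jwk" in header, "kid" in header
    if has_jwk and has_kid:
        return False, "malformed: 'jwk' and 'kid' are mutually exclusive"
    if not (has_jwk or has_kid):
        return False, "malformed: header has neither 'jwk' nor 'kid'"

    # Section 6.4: the "url" header must equal the URL the request was sent to.
    if header.get("url") != request_url:
        return False, "unauthorized: 'url' header does not match request URL"
    if not header.get("nonce"):
        return False, "badNonce: missing 'nonce' header"

    endpoint = request_url.rstrip("/").rsplit("/", 1)[-1]
    if endpoint == "new-account":
        if not has_jwk:
            return False, "malformed: newAccount must be signed with an embedded 'jwk'"
    elif endpoint == "revoke-cert":
        pass  # Section 7.6: either the account key (kid) or the certificate key (jwk).
    else:
        if not has_kid:
            return False, "malformed: request must be signed with 'kid' (the account URL)"
        # Section 6.2: "kid" must be the account URL returned by newAccount.
        if not header["kid"].startswith(SERVER_BASE + "/acct/"):
            return False, "accountDoesNotExist: 'kid' is not an account URL of this server"
    return True, "ok"


NEW_ORDER_URL = SERVER_BASE + "/new-order"
NONCE = "constructed-nonce-value"
ORDER = {"identifiers": [{"type": "dns", "value": "example.test"}]}

# Header shaped like the one in the question: jwk on a newOrder request (must be rejected).
REQUEST_WITH_JWK = make_jws(
    {"alg": "RS256", "jwk": {"kty": "RSA", "e": "AQAB", "n": "constructed-modulus"},
     "nonce": NONCE, "url": NEW_ORDER_URL},
    ORDER,
)
# The same request signed with the account URL in kid, which is what the RFC requires here.
REQUEST_WITH_KID = make_jws(
    {"alg": "RS256", "kid": ACCOUNT_URL, "nonce": NONCE, "url": NEW_ORDER_URL},
    ORDER,
)

if __name__ == "__main__":
    for name, req in [("jwk", REQUEST_WITH_JWK), ("kid", REQUEST_WITH_KID)]:
        print(name, validate_protected_header(req, NEW_ORDER_URL))
```

One server-side point that follows from the same RFC: the value a client places in kid is the account URL it received in the Location header of the newAccount response (RFC 8555 section 7.3), so a server that registers accounts without returning that Location header leaves a conforming client with nothing to put in kid.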
Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow