Self-referential Ingress and Certificate must be done in order #661
Essentially the issue is HAProxy can't start since the cert is not present. Since HAProxy can't start the cert can't be issued.
Workaround: First create the Ingress without the TLS section. Then create the Certificate object. This will issue the cert and create tls secret. Now, update Ingress to add TLS section.