You can import the other CA from ipa in Vault and still use acme protocol. As makes your job easier.

Use vault as a CA and support ACME protocol for Cert manager and is quite easy to use. The documentation is straight forward(https://developer.hashicorp.com/vault/tutorials/secrets-management/pki-acme-caddy). Good luck