How to add exception for route in cert-manager ingress

So here is the problem
I have a VirtualService for a host with multiple routes
First few routes route traffic to services serving rest requests
Last route has no match condition and routes all traffic to nginx service with web app giving back index.html for every path except some js files

And this all works great until I decided to use cert-manager to auto update certificates
I created issuer for cert-manager with acme http01 method which requires letsencrypt to verify my host by sending request at /.well-known/* path
now when cert-manager needs to update certificate it creates kubernetes ingress with /.well-known/blabla path
Problem is that this ingress never gets requests routed to it because virtualservice last route routes everything to nginx sevice.
And as I found VirtualService has higher priority because it was created first

Is there a way to solve this? Can I somehow create a route in VirtualService which traps all traffic except /.well-known/ prefix? Or can I prioritize kubernetes ingress created by cert-manager over VirtualService? Or any other solution…

In the end I had to remove tls: httpsRedirect: true from Gateway. And add it at VirtualService level with this match condition:

        - uri:
            regex: ^\/[^\.].*
            exact: http