diff --git a/pkg/controller/certificaterequests/sync.go b/pkg/controller/certificaterequests/sync.go
index 599ec4952..81d9f6caf 100644
--- a/pkg/controller/certificaterequests/sync.go
+++ b/pkg/controller/certificaterequests/sync.go
@@ -63,7 +63,7 @@ func (c *Controller) Sync(ctx context.Context, cr *v1alpha2.CertificateRequest)
 	crCopy := cr.DeepCopy()
 
 	defer func() {
-		if _, saveErr := c.updateCertificateRequestStatus(ctx, cr, crCopy); saveErr != nil {
+		if _, saveErr := c.updateCertificateRequestStatusAndAnnotations(ctx, cr, crCopy); saveErr != nil {
 			err = utilerrors.NewAggregate([]error{saveErr, err})
 		}
 	}()
@@ -157,8 +157,15 @@ func (c *Controller) Sync(ctx context.Context, cr *v1alpha2.CertificateRequest)
 	return nil
 }
 
-func (c *Controller) updateCertificateRequestStatus(ctx context.Context, old, new *v1alpha2.CertificateRequest) (*v1alpha2.CertificateRequest, error) {
+func (c *Controller) updateCertificateRequestStatusAndAnnotations(ctx context.Context, old, new *v1alpha2.CertificateRequest) (*v1alpha2.CertificateRequest, error) {
 	log := logf.FromContext(ctx, "updateStatus")
+
+	// if annotations changed we have to call .Update() and not .UpdateStatus()
+	if !reflect.DeepEqual(old.Annotations, new.Annotations) {
+		log.V(logf.DebugLevel).Info("updating resource due to change in annotations", "diff", pretty.Diff(old.Annotations, new.Annotations))
+		return c.cmClient.CertmanagerV1alpha2().CertificateRequests(new.Namespace).Update(context.TODO(), new, metav1.UpdateOptions{})
+	}
+
 	oldBytes, _ := json.Marshal(old.Status)
 	newBytes, _ := json.Marshal(new.Status)
 	if reflect.DeepEqual(oldBytes, newBytes) {
diff --git a/pkg/controller/certificaterequests/venafi/venafi.go b/pkg/controller/certificaterequests/venafi/venafi.go
index 92ae0975c..ce00f20b6 100644
--- a/pkg/controller/certificaterequests/venafi/venafi.go
+++ b/pkg/controller/certificaterequests/venafi/venafi.go
@@ -137,10 +137,6 @@ func (v *Venafi) Sign(ctx context.Context, cr *cmapi.CertificateRequest, issuerO
 		v.reporter.Pending(cr, err, "IssuancePending", "Venafi certificate is requested")
 
 		metav1.SetMetaDataAnnotation(&cr.ObjectMeta, VenafiPickupIDAnnotation, pickupID)
-		_, err = v.cmClient.CertmanagerV1alpha2().CertificateRequests(cr.GetNamespace()).Update(ctx, cr, metav1.UpdateOptions{})
-		if err != nil {
-			return nil, err
-		}
 
 		return nil, nil
 	}