---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: wildcard-sovereign-cloud
  namespace: default
spec:
  secretName: wildcard-sovereign-cloud-tls
  dnsNames:
  - "*.${DOMAIN}"
  - "${DOMAIN}"
  issuerRef:
    name: letsencrypt-prod
    kind: ClusterIssuer
  duration: 2160h # 90 days
  renewBefore: 360h # 15 days
  privateKey:
    algorithm: RSA
    size: 2048