apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: wildcard-main-cert
  namespace: nginx
spec:
  secretName: wildcard-main-tls

  duration: 2160h # 90d
  renewBefore: 360h # 15d

  issuerRef:
    name: letsencrypt-production
    kind: ClusterIssuer

  dnsNames:
    - "${SECRET_NEW_DOMAIN}"
    - "*.${SECRET_NEW_DOMAIN}"
    - "*.internal.${SECRET_NEW_DOMAIN}"