apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: wildcard-main-cert
  namespace: cert-manager
spec:
  secretName: wildcard-main-tls

  secretTemplate:
    annotations:
      replicator.v1.mittwald.de/replicate-to: "traefik,download,media,tools,management,authentik,database,monitoring"

  duration: 2160h # 90d
  renewBefore: 360h # 15d

  issuerRef:
    name: letsencrypt-production
    kind: ClusterIssuer

  dnsNames:
    - "*.${SECRET_NEW_DOMAIN}"
#    - "*.k3s.${SECRET_NEW_DOMAIN}"
#    - "*.database.${SECRET_NEW_DOMAIN}"
#    - "*.s3.${SECRET_NEW_DOMAIN}"