diff --git a/argocd/apps/cert-manager/cert-manager.yaml b/argocd/apps/cert-manager/cert-manager.yaml
index f9e78ae..2e507d4 100644
--- a/argocd/apps/cert-manager/cert-manager.yaml
+++ b/argocd/apps/cert-manager/cert-manager.yaml
@@ -2,21 +2,37 @@ apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
 name: cert-manager
- namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
 spec:
- destination:
- namespace: cert-manager
- server: https://kubernetes.default.svc
 project: default
- source:
- chart: cert-manager
- helm:
- parameters:
- - name: installCRDs
- value: "true"
- repoURL: https://charts.jetstack.io
- targetRevision: v1.15.*
+ sources:
+ - repoURL: 'https://charts.jetstack.io'
+ targetRevision: 1.15.*
+ helm:
+ parameters:
+ - name: 'installCRDs'
+ value: 'true'
+ - name: 'namespace'
+ value: 'cert-manager'
+ - name: 'enableCertificateOwnerRef'
+ value: 'true'
+ - name: 'webhook.networkPolicy.enabled'
+ value: 'true'
+ - name: webhook.hostNetwork
+ value: 'true'
+ - name: webhook.securePort
+ value: '10250'
+ chart: cert-manager
+ - repoURL: 'http://192.168.4.101:3000/innohub/k3s.git'
+ targetRevision: main
+ path: argocd/apps/cert-manager/include
+ destination:
+ server: 'https://kubernetes.default.svc'
+ namespace: cert-manager
 syncPolicy:
- automated: {}
+ automated:
+ selfHeal: true
+ prune: true
 syncOptions:
 - CreateNamespace=true
\ No newline at end of file
diff --git a/argocd/apps/cert-manager/include/cluster-issuer.yaml b/argocd/apps/cert-manager/include/cluster-issuer.yaml
new file mode 100644
index 0000000..43008a0
--- /dev/null
+++ b/argocd/apps/cert-manager/include/cluster-issuer.yaml
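Review bot: In cert-manager.yaml the second `sources` entry fetches manifests from `http://192.168.4.101:3000/innohub/k3s.git` at the moving ref `main`, while the same hunk turns on `selfHeal: true` and `prune: true`, so whatever that plain-HTTP endpoint returns is applied and enforced automatically, including the cluster-scoped ClusterIssuer and the objects placed in `kube-system`. Use an `https://` or SSH `repoURL` whose certificate or host key is registered with Argo CD, and consider a dedicated AppProject rather than `project: default` so the permitted source repos and destinations are restricted. Separately, `webhook.hostNetwork` is set to `'true'` while `webhook.securePort` is `'10250'`, which is the kubelet's default port on the node; the chart's own documentation advises picking a free port when the webhook runs in hostNetwork mode.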
@@ -0,0 +1,17 @@
+iapiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: lets-encrypt
+spec:
+ acme:
+ server: https://acme-v02.api.letsencrypt.org/directory
+ privateKeySecretRef:
+ name: lets-encrypt
+ email: inno-netz@zpd.polizei.niedersachsen.de
+ solvers:
+ - dns01:
+ cloudflare:
+ email: titus.innohubni@hotmail.de
+ apiTokenSecretRef:
+ name: cloudflare-api-token-secret
+ key: api-token
diff --git a/argocd/apps/cert-manager/include/tls-store.yaml b/argocd/apps/cert-manager/include/tls-store.yaml
new file mode 100644
index 0000000..cc28efa
--- /dev/null
+++ b/argocd/apps/cert-manager/include/tls-store.yaml
@@ -0,0 +1,8 @@
+iapiVersion: traefik.io/v1alpha1
+kind: TLSStore
+metadata:
+ name: default
+ namespace: kube-system
+spec:
+ defaultCertificate:
+ secretName: innovation-hub-niedersachsen.de-wildcard-tls
diff --git a/argocd/apps/cert-manager/include/wildcard-certificate.yaml b/argocd/apps/cert-manager/include/wildcard-certificate.yaml
new file mode 100644
index 0000000..b121a62
--- /dev/null
+++ b/argocd/apps/cert-manager/include/wildcard-certificate.yaml
@@ -0,0 +1,15 @@
+iapiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: innovation-hub-niedersachsen.de-wildcard
+ namespace: kube-system
+spec:
+ secretName: innovation-hub-niedersachsen.de-wildcard-tls
+ commonName: '*.innovation-hub-niedersachsen.de'
+ dnsNames:
+ - 'innovation-hub-niedersachsen.de'
+ - '*.innovation-hub-niedersachsen.de'
+ issuerRef:
+ name: lets-encrypt
+ kind: ClusterIssuer
+ group: cert-manager.io
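Review bot: The first key of the new cluster-issuer.yaml is `iapiVersion`, not `apiVersion` (it looks like a stray editor keystroke), so the object carries no valid `apiVersion` and should be rejected rather than created as a ClusterIssuer; the same first line appears in tls-store.yaml and wildcard-certificate.yaml in this commit. Change it to `apiVersion: cert-manager.io/v1` here and correct the other two files the same way. Because the DNS-01 solver's Cloudflare token can authorise issuance for the whole zone, a comment above `apiTokenSecretRef` such as `# token must be scoped to DNS edit on this zone only; secret lives in cert-manager's cluster resource namespace` would document the expected handling of `cloudflare-api-token-secret`.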
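Review bot: The Certificate in wildcard-certificate.yaml has no `privateKey` block, so with the 1.15 chart line pinned by this commit the key stored in `innovation-hub-niedersachsen.de-wildcard-tls` is, as far as I know, reused on every renewal (rotationPolicy defaults to Never in that release line). Since tls-store.yaml makes this wildcard secret Traefik's default certificate, one leaked key would cover every host under the domain. Consider adding `privateKey:` with `rotationPolicy: Always` under `spec` so each renewal issues a fresh key.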