diff --git a/kubernetes/apps/kube-system/cilium/app/helmrelease.yaml b/kubernetes/apps/kube-system/cilium/app/helmrelease.yaml
index 9a5d60ead..4bafaf561 100644
--- a/kubernetes/apps/kube-system/cilium/app/helmrelease.yaml
+++ b/kubernetes/apps/kube-system/cilium/app/helmrelease.yaml
@@ -85,6 +85,7 @@ spec:
     l7proxy: true
     ingressController:
       enabled: true
+      defaultSecretNamespace: ${SECRET_CLUSTER_DOMAIN//./-}-tls
       loadbalancerMode: shared
       service:
         loadBalancerIP: "${CLUSTER_LB_CILIUM}"
diff --git a/kubernetes/apps/networking/ingress-nginx/app/helmrelease.yaml b/kubernetes/apps/networking/ingress-nginx/app/helmrelease.yaml
index 788f81f4f..6d59c7f80 100644
--- a/kubernetes/apps/networking/ingress-nginx/app/helmrelease.yaml
+++ b/kubernetes/apps/networking/ingress-nginx/app/helmrelease.yaml
@@ -66,7 +66,7 @@ spec:
             any: true
       extraArgs:
         default-ssl-certificate: |-
-          networking/${SECRET_CLUSTER_DOMAIN/./-}-tls
+          networking/${SECRET_CLUSTER_DOMAIN//./-}-tls
       topologySpreadConstraints:
         - maxSkew: 1
           topologyKey: kubernetes.io/hostname
diff --git a/kubernetes/apps/networking/ingress-nginx/certificates/certificates.yaml b/kubernetes/apps/networking/ingress-nginx/certificates/certificates.yaml
index 1582bd5c2..171b46d86 100644
--- a/kubernetes/apps/networking/ingress-nginx/certificates/certificates.yaml
+++ b/kubernetes/apps/networking/ingress-nginx/certificates/certificates.yaml
@@ -2,10 +2,10 @@
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
-  name: ${SECRET_CLUSTER_DOMAIN/./-}
+  name: ${SECRET_CLUSTER_DOMAIN//./-}
   namespace: networking
 spec:
-  secretName: ${SECRET_CLUSTER_DOMAIN/./-}-tls
+  secretName: ${SECRET_CLUSTER_DOMAIN//./-}-tls
   issuerRef:
     name: letsencrypt-production
     kind: ClusterIssuer