diff --git a/kube/deploy/apps/livestream/deps/tls.yaml b/kube/deploy/apps/livestream/deps/tls.yaml
index 17a40510..bc918827 100644
--- a/kube/deploy/apps/livestream/deps/tls.yaml
+++ b/kube/deploy/apps/livestream/deps/tls.yaml
@@ -10,10 +10,11 @@ spec:
     name: letsencrypt-production
     kind: ClusterIssuer
   privateKey:
-    algorithm: ECDSA
-    size: 384
+    algorithm: RSA
+    size: 2048
     rotationPolicy: Always
   commonName: "${DNS_STREAM}"
   dnsNames:
     - "${DNS_STREAM}"
     - "*.${DNS_STREAM}"
+    - "*.prod.${DNS_STREAM}"
diff --git a/kube/deploy/apps/livestream/oven/engine/hr.yaml b/kube/deploy/apps/livestream/oven/engine/hr.yaml
index 7902820f..c697bfe0 100644
--- a/kube/deploy/apps/livestream/oven/engine/hr.yaml
+++ b/kube/deploy/apps/livestream/oven/engine/hr.yaml
@@ -556,4 +556,4 @@ spec:
         command:
           - /bin/sh
           - -c
-          - awk -v cert_num=0 "split_after==1 {n++;split_after=0} /-----END CERTIFICATE-----/ {split_after=1} n==cert_num {print}" /ssl/tls.crt > /tls/ca.pem && awk -v cert_num=1 "split_after==1 {n++;split_after=0} /-----END CERTIFICATE-----/ {split_after=1} n==cert_num {print}" /ssl/tls.crt >> /tls/ca.pem && awk -v cert_num=2 "split_after==1 {n++;split_after=0} /-----END CERTIFICATE-----/ {split_after=1} n==cert_num {print}" /ssl/tls.crt > /tls/server.pem
+          - awk -v cert_num=0 "split_after==1 {n++;split_after=0} /-----END CERTIFICATE-----/ {split_after=1} n==cert_num {print}" /ssl/tls.crt > /tls/server.pem && awk -v cert_num=1 "split_after==1 {n++;split_after=0} /-----END CERTIFICATE-----/ {split_after=1} n==cert_num {print}" /ssl/tls.crt > /tls/ca.pem && awk -v cert_num=2 "split_after==1 {n++;split_after=0} /-----END CERTIFICATE-----/ {split_after=1} n==cert_num {print}" /ssl/tls.crt >> /tls/ca.pem