diff --git a/k8s/infra/network/gateway/cert-stonegarden.yaml b/k8s/infra/network/gateway/cert-stonegarden.yaml
new file mode 100644
index 0000000..cfdf4e8
--- /dev/null
+++ b/k8s/infra/network/gateway/cert-stonegarden.yaml
@@ -0,0 +1,17 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: cert-stonegarden
+  namespace: gateway
+spec:
+  dnsNames:
+    - "*.stonegarden.dev"
+    - stonegarden.dev
+  issuerRef:
+    group: cert-manager.io
+    kind: ClusterIssuer
+    name: cloudflare-cluster-issuer
+  secretName: cert-stonegarden
+  usages:
+    - digital signature
+    - key encipherment
diff --git a/k8s/infra/network/gateway/gw-stonegarden.yaml b/k8s/infra/network/gateway/gw-stonegarden.yaml
index 3d895b6..b24205d 100644
--- a/k8s/infra/network/gateway/gw-stonegarden.yaml
+++ b/k8s/infra/network/gateway/gw-stonegarden.yaml
@@ -3,8 +3,8 @@ kind: Gateway
 metadata:
   name: stonegarden
   namespace: gateway
-  annotations:
-    cert-manager.io/issuer: cloudflare-issuer
+#  annotations:
+#    cert-manager.io/issuer: cloudflare-issuer
 spec:
   gatewayClassName: cilium
   infrastructure:
@@ -29,7 +29,8 @@ spec:
       tls:
         certificateRefs:
           - kind: Secret
-            name: cloudflare-cert
+            name: cert-stonegarden
+            #name: cloudflare-cert
       allowedRoutes:
         namespaces:
           from: All
diff --git a/k8s/infra/network/gateway/kustomization.yaml b/k8s/infra/network/gateway/kustomization.yaml
index c648aeb..576f73c 100644
--- a/k8s/infra/network/gateway/kustomization.yaml
+++ b/k8s/infra/network/gateway/kustomization.yaml
@@ -2,6 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 
 resources:
+  - cert-stonegarden.yaml
   - gateway-class.yaml
   - ns.yaml
   - cloudflare-api-token.yaml