diff --git a/charts/subcharts/templates/cart-manager.yaml b/charts/subcharts/templates/cart-manager.yaml
new file mode 100644
index 0000000..89d09b6
--- /dev/null
+++ b/charts/subcharts/templates/cart-manager.yaml
@@ -0,0 +1,39 @@
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-rfc2136
+spec:
+  acme:
+    email: {{ .Values.ssl.email }}
+    server: https://acme-v02.api.letsencrypt.org/directory
+    privateKeySecretRef:
+      name: letsencrypt-rfc2136
+    solvers:
+      - dns01:
+          rfc2136:
+            nameserver: hawke.hxst.com.au:53
+            tsigKeyName: "hxme-update-key"
+            tsigAlgorithm: HMACSHA512
+            tsigSecretSecretRef:
+              name: hxme-update-key
+              key: hxme-update-key
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: {{ .Values.ssl.secret_name }}
+  namespace: {{ .Release.Namespace }}
+spec:
+  secretName: {{ .Values.ssl.secret_name }}
+  secretTemplate:
+    annotations:
+      replicator.v1.mittwald.de/replication-allowed: "true"
+  issuerRef:
+    name: letsencrypt-rfc2136
+    kind: ClusterIssuer
+  commonName: "{{ .Values.global.domain }}"
+  dnsNames:
+    - "{{ .Values.global.domain }}"
+    - "*.{‌{ .Values.global.domain }}"
+
diff --git a/values.yaml b/values.yaml
new file mode 100644
index 0000000..f777320
--- /dev/null
+++ b/values.yaml
@@ -0,0 +1,6 @@
+global:
+  domain: hxme.net
+
+ssl:
+  secret_name: wildcard-hxme-net
+  email: admin@hxme.net