diff --git a/kubernetes/main/apps/cert-manager/certificates/ks.yaml b/kubernetes/main/apps/cert-manager/certificates/ks.yaml
deleted file mode 100644
index bd16f5b02..000000000
--- a/kubernetes/main/apps/cert-manager/certificates/ks.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-# yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
-  name: &app certificates
-  namespace: flux-system
-spec:
-  targetNamespace: cert-manager
-  commonMetadata:
-    labels:
-      app.kubernetes.io/name: *app
-  dependsOn:
-    - name: cert-manager-issuers
-  path: ./kubernetes/main/apps/cert-manager/certificates/app
-  prune: false
-  sourceRef:
-    kind: GitRepository
-    name: home-kubernetes
-  wait: true
-  interval: 30m
-  timeout: 5m
diff --git a/kubernetes/main/apps/cert-manager/kustomization.yaml b/kubernetes/main/apps/cert-manager/kustomization.yaml
index 890b1baa9..f17369125 100644
--- a/kubernetes/main/apps/cert-manager/kustomization.yaml
+++ b/kubernetes/main/apps/cert-manager/kustomization.yaml
@@ -7,4 +7,3 @@ resources:
   - ./namespace.yaml
   # Flux-Kustomizations
   - ./cert-manager/ks.yaml
-  - ./certificates/ks.yaml
diff --git a/kubernetes/main/apps/cert-manager/certificates/app/certificates.yaml b/kubernetes/main/apps/network/nginx/certificates/certificates.yaml
similarity index 100%
rename from kubernetes/main/apps/cert-manager/certificates/app/certificates.yaml
rename to kubernetes/main/apps/network/nginx/certificates/certificates.yaml
diff --git a/kubernetes/main/apps/cert-manager/certificates/app/kustomization.yaml b/kubernetes/main/apps/network/nginx/certificates/kustomization.yaml
similarity index 100%
rename from kubernetes/main/apps/cert-manager/certificates/app/kustomization.yaml
rename to kubernetes/main/apps/network/nginx/certificates/kustomization.yaml
diff --git a/kubernetes/main/apps/cert-manager/certificates/app/pushsecret.yaml b/kubernetes/main/apps/network/nginx/certificates/pushsecret.yaml
similarity index 100%
rename from kubernetes/main/apps/cert-manager/certificates/app/pushsecret.yaml
rename to kubernetes/main/apps/network/nginx/certificates/pushsecret.yaml
diff --git a/kubernetes/main/apps/cert-manager/certificates/app/staging.yaml b/kubernetes/main/apps/network/nginx/certificates/staging.yaml
similarity index 100%
rename from kubernetes/main/apps/cert-manager/certificates/app/staging.yaml
rename to kubernetes/main/apps/network/nginx/certificates/staging.yaml
diff --git a/kubernetes/main/apps/network/nginx/external/helmrelease.yaml b/kubernetes/main/apps/network/nginx/external/helmrelease.yaml
index a3e94cd6f..b29caf8bc 100644
--- a/kubernetes/main/apps/network/nginx/external/helmrelease.yaml
+++ b/kubernetes/main/apps/network/nginx/external/helmrelease.yaml
@@ -74,7 +74,7 @@ spec:
           namespaceSelector:
             any: true
       extraArgs:
-        default-ssl-certificate: cert-manager/${SECRET_DOMAIN}-tls
+        default-ssl-certificate: network/${SECRET_DOMAIN}-tls
       terminationGracePeriodSeconds: 120
       topologySpreadConstraints:
         - maxSkew: 1
diff --git a/kubernetes/main/apps/network/nginx/internal/helmrelease.yaml b/kubernetes/main/apps/network/nginx/internal/helmrelease.yaml
index 034720dc0..18ba18383 100644
--- a/kubernetes/main/apps/network/nginx/internal/helmrelease.yaml
+++ b/kubernetes/main/apps/network/nginx/internal/helmrelease.yaml
@@ -74,7 +74,7 @@ spec:
           namespaceSelector:
             any: true
       extraArgs:
-        default-ssl-certificate: cert-manager/${SECRET_DOMAIN}-tls
+        default-ssl-certificate: network/${SECRET_DOMAIN}-tls
       terminationGracePeriodSeconds: 120
       topologySpreadConstraints:
         - maxSkew: 1
diff --git a/kubernetes/main/apps/network/nginx/ks.yaml b/kubernetes/main/apps/network/nginx/ks.yaml
index 3cde0cdbd..dc6ea0a71 100644
--- a/kubernetes/main/apps/network/nginx/ks.yaml
+++ b/kubernetes/main/apps/network/nginx/ks.yaml
@@ -2,6 +2,29 @@
 # yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
+metadata:
+  name: &app nginx-certificates
+  namespace: flux-system
+spec:
+  targetNamespace: network
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  dependsOn:
+    - name: cert-manager-issuers
+    - name: external-secrets-stores
+  path: ./kubernetes/main/apps/network/nginx/certificates
+  prune: false
+  sourceRef:
+    kind: GitRepository
+    name: home-kubernetes
+  wait: true
+  interval: 30m
+  timeout: 5m
+---
+# yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
 metadata:
   name: &app nginx-external
   namespace: flux-system
@@ -11,7 +34,8 @@ spec:
     labels:
       app.kubernetes.io/name: *app
   dependsOn:
-    - name: certificates
+    - name: external-secrets-stores
+    - name: nginx-certificates
   path: ./kubernetes/main/apps/network/nginx/external
   prune: true
   sourceRef:
@@ -33,7 +57,8 @@ spec:
     labels:
       app.kubernetes.io/name: *app
   dependsOn:
-    - name: certificates
+    - name: external-secrets-stores
+    - name: nginx-certificates
   path: ./kubernetes/main/apps/network/nginx/internal
   prune: true
   sourceRef:
diff --git a/kubernetes/utility/apps/cert-manager/certificates/ks.yaml b/kubernetes/utility/apps/cert-manager/certificates/ks.yaml
deleted file mode 100644
index 5aa8f1228..000000000
--- a/kubernetes/utility/apps/cert-manager/certificates/ks.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-# yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
-  name: &app certificates
-  namespace: flux-system
-spec:
-  targetNamespace: cert-manager
-  commonMetadata:
-    labels:
-      app.kubernetes.io/name: *app
-  dependsOn:
-    - name: cert-manager-issuers
-  path: ./kubernetes/utility/apps/cert-manager/certificates/app
-  prune: false
-  sourceRef:
-    kind: GitRepository
-    name: home-kubernetes
-  wait: true
-  interval: 30m
-  timeout: 5m
diff --git a/kubernetes/utility/apps/cert-manager/kustomization.yaml b/kubernetes/utility/apps/cert-manager/kustomization.yaml
index 890b1baa9..f17369125 100644
--- a/kubernetes/utility/apps/cert-manager/kustomization.yaml
+++ b/kubernetes/utility/apps/cert-manager/kustomization.yaml
@@ -7,4 +7,3 @@ resources:
   - ./namespace.yaml
   # Flux-Kustomizations
   - ./cert-manager/ks.yaml
-  - ./certificates/ks.yaml
diff --git a/kubernetes/utility/apps/cert-manager/certificates/app/certificates.yaml b/kubernetes/utility/apps/network/nginx/certificates/certificates.yaml
similarity index 100%
rename from kubernetes/utility/apps/cert-manager/certificates/app/certificates.yaml
rename to kubernetes/utility/apps/network/nginx/certificates/certificates.yaml
diff --git a/kubernetes/utility/apps/cert-manager/certificates/app/kustomization.yaml b/kubernetes/utility/apps/network/nginx/certificates/kustomization.yaml
similarity index 100%
rename from kubernetes/utility/apps/cert-manager/certificates/app/kustomization.yaml
rename to kubernetes/utility/apps/network/nginx/certificates/kustomization.yaml
diff --git a/kubernetes/utility/apps/cert-manager/certificates/app/pushsecret.yaml b/kubernetes/utility/apps/network/nginx/certificates/pushsecret.yaml
similarity index 100%
rename from kubernetes/utility/apps/cert-manager/certificates/app/pushsecret.yaml
rename to kubernetes/utility/apps/network/nginx/certificates/pushsecret.yaml
diff --git a/kubernetes/utility/apps/cert-manager/certificates/app/staging.yaml b/kubernetes/utility/apps/network/nginx/certificates/staging.yaml
similarity index 100%
rename from kubernetes/utility/apps/cert-manager/certificates/app/staging.yaml
rename to kubernetes/utility/apps/network/nginx/certificates/staging.yaml
diff --git a/kubernetes/utility/apps/network/nginx/external/helmrelease.yaml b/kubernetes/utility/apps/network/nginx/external/helmrelease.yaml
index 127db40d7..e25a5b5e0 100644
--- a/kubernetes/utility/apps/network/nginx/external/helmrelease.yaml
+++ b/kubernetes/utility/apps/network/nginx/external/helmrelease.yaml
@@ -73,7 +73,7 @@ spec:
           namespaceSelector:
             any: true
       extraArgs:
-        default-ssl-certificate: cert-manager/${SECRET_DOMAIN}-tls
+        default-ssl-certificate: network/${SECRET_DOMAIN}-tls
       terminationGracePeriodSeconds: 120
       topologySpreadConstraints:
         - maxSkew: 1
diff --git a/kubernetes/utility/apps/network/nginx/internal/helmrelease.yaml b/kubernetes/utility/apps/network/nginx/internal/helmrelease.yaml
index 3cd80164f..aa3e530f8 100644
--- a/kubernetes/utility/apps/network/nginx/internal/helmrelease.yaml
+++ b/kubernetes/utility/apps/network/nginx/internal/helmrelease.yaml
@@ -74,7 +74,7 @@ spec:
           namespaceSelector:
             any: true
       extraArgs:
-        default-ssl-certificate: cert-manager/${SECRET_DOMAIN}-tls
+        default-ssl-certificate: network/${SECRET_DOMAIN}-tls
       terminationGracePeriodSeconds: 120
       topologySpreadConstraints:
         - maxSkew: 1
diff --git a/kubernetes/utility/apps/network/nginx/ks.yaml b/kubernetes/utility/apps/network/nginx/ks.yaml
index b98e21949..b32f17d56 100644
--- a/kubernetes/utility/apps/network/nginx/ks.yaml
+++ b/kubernetes/utility/apps/network/nginx/ks.yaml
@@ -1,4 +1,26 @@
-
+---
+# yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app nginx-certificates
+  namespace: flux-system
+spec:
+  targetNamespace: network
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  dependsOn:
+    - name: cert-manager-issuers
+    - name: external-secrets-stores
+  path: ./kubernetes/utility/apps/network/nginx/certificates
+  prune: false
+  sourceRef:
+    kind: GitRepository
+    name: home-kubernetes
+  wait: true
+  interval: 30m
+  timeout: 5m
 ---
 # yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
 apiVersion: kustomize.toolkit.fluxcd.io/v1
@@ -12,7 +34,8 @@ spec:
     labels:
       app.kubernetes.io/name: *app
   dependsOn:
-    - name: certificates
+    - name: external-secrets-stores
+    - name: nginx-certificates
   path: ./kubernetes/utility/apps/network/nginx/external
   prune: true
   sourceRef:
@@ -34,7 +57,8 @@ spec:
     labels:
       app.kubernetes.io/name: *app
   dependsOn:
-    - name: certificates
+    - name: external-secrets-stores
+    - name: nginx-certificates
   path: ./kubernetes/utility/apps/network/nginx/internal
   prune: true
   sourceRef: