diff --git a/gitops/home-kubernetes/cilium/certificate_wildcard-lab-home-hrajfrisbee.yaml b/gitops/home-kubernetes/cilium/certificate_wildcard-lab-home-hrajfrisbee.yaml
new file mode 100644
index 0000000..a4c49ce
--- /dev/null
+++ b/gitops/home-kubernetes/cilium/certificate_wildcard-lab-home-hrajfrisbee.yaml
@@ -0,0 +1,12 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: wildcard-lab-home-hrajfrisbee
+  namespace: kube-system
+spec:
+  secretName: wildcard-lab-home-hrajfrisbee-tls
+  issuerRef:
+    name: letsencrypt-prod-dns
+    kind: ClusterIssuer
+  dnsNames:
+    - "*.lab.home.hrajfrisbee.cz"
\ No newline at end of file
diff --git a/gitops/home-kubernetes/cilium/gateway.yaml b/gitops/home-kubernetes/cilium/gateway.yaml
index 6fb11ab..7ca8013 100644
--- a/gitops/home-kubernetes/cilium/gateway.yaml
+++ b/gitops/home-kubernetes/cilium/gateway.yaml
@@ -13,14 +13,15 @@ spec:
       allowedRoutes:
         namespaces:
           from: All
-    - name: https
+    - name: lab-home-hrajfrisbee-https-wildcard
+      hostname: "*.lab.home.hrajfrisbee.cz"
       port: 443
       protocol: HTTPS
-      allowedRoutes:
-        namespaces:
-          from: All
       tls:
         mode: Terminate
         certificateRefs:
           - kind: Secret
-            name: gateway-tls
\ No newline at end of file
+            name: wildcard-lab-home-hrajfrisbee-tls
+      allowedRoutes:
+        namespaces:
+          from: All