diff --git a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/certauthority.yml b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/certauthority.yml
index e246163..8afd526 100644
--- a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/certauthority.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/certauthority.yml
@@ -34,13 +34,15 @@
 kind: Secret
 metadata:
 name: step-certificates-certs
- namespace: "{{ item }}"
+ namespace: "{{ item.namespace }}"
 data:
- root_ca.crt: "{{ stepca_cm_certs.resources[0].data['root_ca.crt'] | b64encode }}"
+ "{{ item.key }}": "{{ stepca_cm_certs.resources[0].data['root_ca.crt'] | b64encode }}"
 kubeconfig: "{{ kubeconfig.path }}"
 loop:
- - argo-cd
- - kube-system
+ - namespace: argo-cd
+ key: custom-ca-certificates.crt
+ - namespace: kube-system
+ key: root_ca.crt
 - name: Configure step-ca passthrough ingress
 ansible.builtin.template:
diff --git a/ansible/roles/firstboot/files/ansible_payload/templates/applicationset.j2 b/ansible/roles/firstboot/files/ansible_payload/templates/applicationset.j2
index f4852d6..27a4988 100644
--- a/ansible/roles/firstboot/files/ansible_payload/templates/applicationset.j2
+++ b/ansible/roles/firstboot/files/ansible_payload/templates/applicationset.j2
@@ -12,7 +12,7 @@ spec:
 - path: metacluster-applicationset/*
 template:
 metadata:
- name: {% raw %}'{{ path.basename }}'{% endraw %}
+ name: {% raw %}'{{ path.basename }}'{% endraw +%}
 spec:
 project: default
 syncPolicy:
@@ -22,7 +22,7 @@ spec:
 source:
 repoURL: https://git.{{ vapp['metacluster.fqdn'] }}/mc/ArgoCD.Config.git
 targetRevision: HEAD
- path: {% raw %}'{{ path }}'{% endraw %}
+ path: {% raw %}'{{ path }}'{% endraw +%}
 destination:
 server: https://{{ vapp['guestinfo.ipaddress'] }}:6443
 namespace: default
diff --git a/ansible/vars/metacluster.yml b/ansible/vars/metacluster.yml
index 198bb7d..829f6ed 100644
--- a/ansible/vars/metacluster.yml
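Review bot: In certauthority.yml the new mapping key `"{{ item.key }}":` under `data:` relies on Ansible rendering a templated key, and Ansible templates mapping values but, in the releases I know, not mapping keys. The task header and the start of the manifest are outside the hunk, so if the manifest is passed as a YAML mapping rather than a block string, the Secret would be submitted with the literal key and the API server would reject it. Building the mapping inside one expression avoids the question: `data: "{{ {item.key: stepca_cm_certs.resources[0].data['root_ca.crt'] | b64encode} }}"`. A short comment on the loop saying that the argo-cd key has to match the `subPath` used in ansible/vars/metacluster.yml would also help.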
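Review bot: The `+%}` on the two `{% endraw +%}` lines in applicationset.j2 (this hunk at -12 and the one at -22) reads like a typo and is undocumented, so a later cleanup could remove it. It disables trim_blocks for that tag, which ansible.builtin.template enables by default, so the newline after `endraw` survives and the following key stays on its own line. I would add a Jinja comment at the top of the template, for example `{# '+%}' after endraw keeps the trailing newline that trim_blocks would otherwise strip #}`.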
+++ b/ansible/vars/metacluster.yml
@@ -152,8 +152,8 @@ components:
 controller:
 volumeMounts:
 - name: custom-ca-certificates
- mountPath: /etc/ssl/certs/root_ca.crt
- subPath: root_ca.crt
+ mountPath: /etc/ssl/certs/custom-ca-certificates.crt
+ subPath: custom-ca-certificates.crt
 volumes:
 - name: custom-ca-certificates
 secret:
@@ -162,8 +162,8 @@ components:
 repoServer:
 volumeMounts:
 - name: custom-ca-certificates
- mountPath: /etc/ssl/certs/root_ca.crt
- subPath: root_ca.crt
+ mountPath: /etc/ssl/certs/custom-ca-certificates.crt
+ subPath: custom-ca-certificates.crt
 volumes:
 - name: custom-ca-certificates
 secret:
@@ -178,8 +178,8 @@ components:
 - gitops.{{ vapp['metacluster.fqdn'] }}
 volumeMounts:
 - name: custom-ca-certificates
- mountPath: /etc/ssl/certs/root_ca.crt
- subPath: root_ca.crt
+ mountPath: /etc/ssl/certs/custom-ca-certificates.crt
+ subPath: custom-ca-certificates.crt
 volumes:
 - name: custom-ca-certificates
 secret:
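Review bot: The three `subPath: custom-ca-certificates.crt` mounts (hunks at -152, -162 and -178) only work while that string equals the data key written for the argo-cd namespace in tasks/certauthority.yml, and nothing in this file records the dependency. If the names drift, the mount has no matching key and the components would presumably lose trust in the step-ca root without an obvious error. Kubernetes also does not refresh subPath mounts when a Secret changes, so a rotated root CA reaches these pods only after a restart. I would add above the first mount `# subPath must match the Secret data key set in tasks/certauthority.yml; subPath mounts are not refreshed on rotation, restart pods after changing the CA`. The `volumes` entries continue outside each hunk, so the referenced Secret name is not visible here.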