diff --git a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/cleanup.yml b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/cleanup.yml
index 5d63c23..38b8205 100644
--- a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/cleanup.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/cleanup.yml
@@ -1,7 +1,7 @@
 - name: Compress tarballs
   community.general.archive:
     dest: /opt/metacluster/container-images/image-tarballs.tgz
-    path: /opt/metacluster/container-images/*
+    path: /opt/metacluster/container-images/*.tar
     format: gz
     remove: yes
 
diff --git a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/git.yml b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/git.yml
index 776ea09..757b604 100644
--- a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/git.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/git.yml
@@ -41,7 +41,7 @@
         method: GET
       register: api_readycheck
       until: api_readycheck.json.status is defined
-      retries: 3
+      retries: 5
       delay: 30
 
     - name: Generate gitea API token
diff --git a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/gitops.yml b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/gitops.yml
index 34400c5..b8d4fb0 100644
--- a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/gitops.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/gitops.yml
@@ -16,7 +16,7 @@
         method: GET
       register: api_readycheck
       until: api_readycheck.json.Version is defined
-      retries: 3
+      retries: 5
       delay: 30
 
     - name: Generate argo-cd API token
diff --git a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/k3s.yml b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/k3s.yml
index f4b0558..c6cb1ee 100644
--- a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/k3s.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/k3s.yml
@@ -19,7 +19,7 @@
     status_code: [200, 401]
   register: api_readycheck
   until: api_readycheck.json.apiVersion is defined
-  retries: 3
+  retries: 5
   delay: 30
 
 - name: Install kubectl tab-completion
diff --git a/ansible/roles/firstboot/files/ansible_payload/roles/workloadcluster/tasks/clusterapi.yml b/ansible/roles/firstboot/files/ansible_payload/roles/workloadcluster/tasks/clusterapi.yml
index cfba14d..6f3b17a 100644
--- a/ansible/roles/firstboot/files/ansible_payload/roles/workloadcluster/tasks/clusterapi.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/workloadcluster/tasks/clusterapi.yml
@@ -1,12 +1,12 @@
 - name: Configure clusterctl with hypervisor details
   ansible.builtin.blockinfile:
-    path: /opt/metacluster/manifests/clusterctl.yml
+    path: /opt/metacluster/manifests/clusterctl.yaml
     block: |
       ## -- Controller settings -- ##
       VSPHERE_USERNAME: {{ vapp['hv.username'] }}
       VSPHERE_PASSWORD: {{ vapp['hv.password'] }}
       ## -- Required workload cluster default settings -- ##
-      VSPHERE_SERVER: "{{ vapp['hv.fqdn'] }}
+      VSPHERE_SERVER: {{ vapp['hv.fqdn'] }}
       VSPHERE_DATACENTER: {{ vcenter_info.datacenter }}
       VSPHERE_DATASTORE: {{ vcenter_info.datastore }}
       VSPHERE_NETWORK: {{ vcenter_info.network }}
diff --git a/ansible/roles/metacluster/tasks/components.yml b/ansible/roles/metacluster/tasks/components.yml
index b940577..f1d3274 100644
--- a/ansible/roles/metacluster/tasks/components.yml
+++ b/ansible/roles/metacluster/tasks/components.yml
@@ -5,6 +5,7 @@
   loop:
     - /opt/metacluster/helm-charts
     - /opt/metacluster/manifests/bootstrap-kubeadm/{{ components.clusterapi.manifest.version.base }}
+    - /opt/metacluster/manifests/cert-manager/{{ components.clusterapi.manifest.version.cert_manager }}
     - /opt/metacluster/manifests/cluster-api/{{ components.clusterapi.manifest.version.base }}
     - /opt/metacluster/manifests/control-plane-kubeadm/{{ components.clusterapi.manifest.version.base }}
     - /opt/metacluster/manifests/infrastructure-vsphere/{{ components.clusterapi.manifest.version.infrastructure_vsphere }}
@@ -45,29 +46,32 @@
 
     - name: Download ClusterAPI manifests
       ansible.builtin.get_url:
-        url: https://github.com/kubernetes-sigs/{{ item.url }}
+        url: "{{ item.url }}"
         dest: /opt/metacluster/manifests/{{ item.dest }}
       register: clusterapi_manifests
       loop:
         # This list is based on `clusterctl config repositories`
         # Note: Each manifest also needs a metadata.yaml file stored in the respective folder
-        - url: cluster-api/releases/download/{{ components.clusterapi.manifest.version.base }}/bootstrap-components.yaml
+        - url: https://github.com/kubernetes-sigs/cluster-api/releases/download/{{ components.clusterapi.manifest.version.base }}/bootstrap-components.yaml
           dest: bootstrap-kubeadm/{{ components.clusterapi.manifest.version.base }}/bootstrap-components.yaml
-        - url: cluster-api/releases/download/{{ components.clusterapi.manifest.version.base }}/core-components.yaml
+        - url: https://github.com/kubernetes-sigs/cluster-api/releases/download/{{ components.clusterapi.manifest.version.base }}/core-components.yaml
           dest: cluster-api/{{ components.clusterapi.manifest.version.base }}/core-components.yaml
-        - url: cluster-api/releases/download/{{ components.clusterapi.manifest.version.base }}/control-plane-components.yaml
+        - url: https://github.com/kubernetes-sigs/cluster-api/releases/download/{{ components.clusterapi.manifest.version.base }}/control-plane-components.yaml
           dest: control-plane-kubeadm/{{ components.clusterapi.manifest.version.base }}/control-plane-components.yaml
-        - url: cluster-api-provider-vsphere/releases/download/{{ components.clusterapi.manifest.version.infrastructure_vsphere }}/infrastructure-components.yaml
+        - url: https://github.com/kubernetes-sigs/cluster-api-provider-vsphere/releases/download/{{ components.clusterapi.manifest.version.infrastructure_vsphere }}/infrastructure-components.yaml
           dest: infrastructure-vsphere/{{ components.clusterapi.manifest.version.infrastructure_vsphere }}/infrastructure-components.yaml
-        - url: cluster-api-provider-vsphere/releases/download/{{ components.clusterapi.manifest.version.infrastructure_vsphere }}/metadata.yaml
+        - url: https://github.com/kubernetes-sigs/cluster-api-provider-vsphere/releases/download/{{ components.clusterapi.manifest.version.infrastructure_vsphere }}/metadata.yaml
           dest: infrastructure-vsphere/{{ components.clusterapi.manifest.version.infrastructure_vsphere }}/metadata.yaml
         # This downloads the same metadata.yaml file to three separate folders
-        - url: cluster-api/releases/download/{{ components.clusterapi.manifest.version.base }}/metadata.yaml
+        - url: https://github.com/kubernetes-sigs/cluster-api/releases/download/{{ components.clusterapi.manifest.version.base }}/metadata.yaml
           dest: bootstrap-kubeadm/{{ components.clusterapi.manifest.version.base }}/metadata.yaml
-        - url: cluster-api/releases/download/{{ components.clusterapi.manifest.version.base }}/metadata.yaml
+        - url: https://github.com/kubernetes-sigs/cluster-api/releases/download/{{ components.clusterapi.manifest.version.base }}/metadata.yaml
           dest: cluster-api/{{ components.clusterapi.manifest.version.base }}/metadata.yaml
-        - url: cluster-api/releases/download/{{ components.clusterapi.manifest.version.base }}/metadata.yaml
+        - url: https://github.com/kubernetes-sigs/cluster-api/releases/download/{{ components.clusterapi.manifest.version.base }}/metadata.yaml
           dest: control-plane-kubeadm/{{ components.clusterapi.manifest.version.base }}/metadata.yaml
+        # Additionally, cert-manager is a prerequisite
+        - url: https://github.com/cert-manager/cert-manager/releases/download/{{ components.clusterapi.manifest.version.cert_manager }}/cert-manager.yaml
+          dest: cert-manager/{{ components.clusterapi.manifest.version.cert_manager }}/cert-manager.yaml
       loop_control:
         label: "{{ item.url | basename }}"
 
@@ -91,6 +95,7 @@
         _template:
           version:
             base: "{{ components.clusterapi.manifest.version.base }}"
+            cert_manager: "{{ components.clusterapi.manifest.version.cert_manager }}"
             infrastructure_vsphere: "{{ components.clusterapi.manifest.version.infrastructure_vsphere }}"
 
 - name: Parse helm charts for container images
diff --git a/ansible/roles/metacluster/templates/clusterctl.j2 b/ansible/roles/metacluster/templates/clusterctl.j2
index a02e3d1..65087ed 100644
--- a/ansible/roles/metacluster/templates/clusterctl.j2
+++ b/ansible/roles/metacluster/templates/clusterctl.j2
@@ -11,3 +11,6 @@ providers:
   - name: "vsphere"
     url: "/opt/metacluster/manifests/infrastructure-vsphere/{{ _template.version.infrastructure_vsphere }}/infrastructure-components.yaml"
     type: "InfrastructureProvider"
+
+cert-manager:
+  url: "/opt/metacluster/manifests/cert-manager/v{{ _template.version.cert_manager }}/cert-manager.yaml"