diff --git a/services/cert-manager/0.2.7/root-ca.yaml b/services/cert-manager/0.2.7/root-ca.yaml
index 9644323bc..120422927 100644
--- a/services/cert-manager/0.2.7/root-ca.yaml
+++ b/services/cert-manager/0.2.7/root-ca.yaml
@@ -9,14 +9,11 @@ spec:
 prune: true
 interval: 1m0s
 path: ./services/cert-manager/0.2.7/root-ca
- dependsOn:
- - name: cert-manager-release
- namespace: ${releaseNamespace}
 sourceRef:
 kind: GitRepository
 name: management
 namespace: kommander-flux
- timeout: 60s
+ timeout: 480s
 # passing releaseNamespace to 2nd level configuration files for able to configure namespace correctly in attached clusters
 # Using `substituteFrom` with `substitution-vars` creates 2nd level resources in `kommander` namespace instead of workspace ns
 postBuild:
diff --git a/services/cert-manager/0.2.7/root-ca/root-ca.yaml b/services/cert-manager/0.2.7/root-ca/root-ca.yaml
index 784585043..73abb02e1 100644
--- a/services/cert-manager/0.2.7/root-ca/root-ca.yaml
+++ b/services/cert-manager/0.2.7/root-ca/root-ca.yaml
@@ -37,3 +37,38 @@ metadata:
 spec:
 ca:
 secretName: kommander-bootstrap-root-ca
+---
+# a quick solution to fix kommander-traefik and kube-oidc-proxy certificate in attached clusters (with and without cert-manager pre-installed)
+# https://jira.d2iq.com/browse/D2IQ-84510
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: selfsigned-issuer
+spec:
+ selfSigned: {}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: kommander-ca
+ namespace: cert-manager
+spec:
+ isCA: true
+ commonName: kommander-ca
+ secretName: kommander-ca
+ privateKey:
+ algorithm: ECDSA
+ size: 256
+ issuerRef:
+ name: selfsigned-issuer
+ kind: ClusterIssuer
+ group: cert-manager.io
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: kommander-ca
+spec:
+ ca:
+ secretName: kommander-ca
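Review bot: With the `dependsOn` entry for `cert-manager-release` removed, nothing in this Kustomization orders it after the cert-manager CRDs and webhook, so on a cluster where they are not yet ready the `cert-manager.io/v1` objects under `./services/cert-manager/0.2.7/root-ca` will presumably fail to apply until a later reconcile. Raising `timeout` to `480s` does not replace that ordering, and neither change is explained in the file. A comment above `timeout` should record the reason, for instance `# no dependsOn: attached clusters may run their own cert-manager, so reconcile retries until the CRDs exist` (wording to be confirmed by the author), along with what the 480s budget is meant to cover.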
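Review bot: The `kommander-ca` Certificate sets `isCA: true` but no `duration` or `renewBefore`, so cert-manager's default 90-day lifetime applies to the CA itself and anything that trusts a copy of the CA certificate has to pick up a new one at each renewal. State the intended lifetime explicitly, e.g. `duration: 87600h` with a matching `renewBefore` (illustrative values). The cluster-scoped name `selfsigned-issuer` is generic, and because this manifest targets clusters that may already run their own cert-manager, Flux could take over an existing issuer of that name and later delete it under the parent Kustomization's `prune: true`. A prefixed name such as `kommander-selfsigned-issuer` avoids the collision. The hard-coded `namespace: cert-manager` also assumes that is where the `kommander-ca` ClusterIssuer looks up its secret, which may not hold for a pre-installed cert-manager with a different cluster resource namespace.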