diff --git a/charts/nginx-ingress-services/templates/certificate_federator.yaml b/charts/nginx-ingress-services/templates/certificate_federator.yaml
index 4aa35bcc6e..eeab01cc19 100644
--- a/charts/nginx-ingress-services/templates/certificate_federator.yaml
+++ b/charts/nginx-ingress-services/templates/certificate_federator.yaml
@@ -21,14 +21,12 @@ spec:
   duration: 2160h     # 90d, Letsencrypt default; NOTE: changes are ignored by Letsencrypt
   renewBefore: 360h   # 15d
   isCA: false
-  keyAlgorithm: ecdsa
-  keySize: 256        # hs-tls only supports p256
-  keyEncoding: pkcs1
   secretName: federator-certificate-secret
-  # NOTE: disabled due to https://github.com/jetstack/cert-manager/issues/2978
-  # TODO: enable when fixed (probably when cert-manager:v0.16 released)
-  #privateKey:
-  #  rotationPolicy: Always
+  privateKey:
+    algorithm: ECDSA
+    size: 256         # hs-tls only supports p256
+    encoding: PKCS1
+    rotationPolicy: Always
   dnsNames:
     - {{ .Values.config.dns.federator }}
 {{- end -}}