diff --git a/internal/pkg/storage/sqlite.go b/internal/pkg/storage/sqlite.go
index a0502d8..9f91f5e 100755
--- a/internal/pkg/storage/sqlite.go
+++ b/internal/pkg/storage/sqlite.go
@@ -130,9 +130,9 @@
 }
 func (s *SQLiteStrategy) DumpSelectFields(table string) string {
- // if table == "secrets" {
- // return "name, data, domain"
- // }
+ if table == "secrets" {
+ return "name, data, domain" // MODIFIED: Include domain for secrets
+ }
 return "name, data"
 }
@@ -140,11 +140,10 @@
 var dataStr string
 if table == "secrets" {
 // SQLite: 3 fields (name, TEXT data, domain)
- if err := rows.Scan(&row.Name, &dataStr); err != nil {
+ if err := rows.Scan(&row.Name, &dataStr, &row.Domain); err != nil {
 return err
 }
- }
- else {
+ } else {
 // SQLite: 2 fields (name, TEXT data)
 if err := rows.Scan(&row.Name, &dataStr); err != nil {
 return err
@@ -155,6 +154,13 @@
 }
 func (s *SQLiteStrategy) RestoreRawRowSQL(table string) string {
+ if table == "secrets" {
+ return fmt.Sprintf(`
+ INSERT INTO secrets (name, data, enabled, updated_at, domain)
+ VALUES (?, ?, 1, CURRENT_TIMESTAMP, ?)
+ ON CONFLICT(name) DO UPDATE SET data=excluded.data, enabled=1, updated_at=CURRENT_TIMESTAMP, domain=excluded.domain`,
+ ) // MODIFIED: Handle domain for secrets
+ }
 // clusters or listeners
 return fmt.Sprintf(`
 INSERT INTO %s (name, data, enabled, updated_at)
diff --git a/internal/pkg/storage/storage.go b/internal/pkg/storage/storage.go
index f220712..d9f9e23 100755
--- a/internal/pkg/storage/storage.go
+++ b/internal/pkg/storage/storage.go
@@ -33,6 +33,7 @@
 Email string
 CertPEM []byte
 KeyPEM []byte
+ FullChainPEM []byte // Added: Full certificate chain
 AccountKey []byte
 AccountURL string
 IssuerType string
@@ -66,6 +67,7 @@
 type RawRow struct {
 Name string
 Data json.RawMessage `json:"data"`
+ Domain sql.NullString `json:"domain"` // Added: Domain for secrets table
 }
 const (
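Review bot: The literal `"secrets"` in DumpSelectFields now fixes a three-column result that the Scan branch in the following hunk and the three-parameter statement in RestoreRawRowSQL both depend on, and the three sites are tied together only by repeating that string. A package-level `const secretsTable = "secrets"` used in all three comparisons would make the coupling visible, and a doc comment on DumpSelectFields should state that the returned column list must match the Scan arity for the same table. The trailing `// MODIFIED: Include domain for secrets` describes the edit rather than the code and belongs in the commit message.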
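Review bot: The secrets branch added to RestoreRawRowSQL returns a statement with three bind parameters while the fallback below it takes two, so whatever executes this SQL has to pass the domain value only for secrets; that caller is not in this diff and should be checked. `fmt.Sprintf` is called here with no verbs and no arguments, so the raw string literal can be returned directly, which also keeps a later `%` in the SQL from being read as a format verb. `ON CONFLICT(name)` lets a restored row replace the `domain` of an existing secret that has the same name; if names are only meant to be unique per domain (the schema is not visible here), the conflict target needs to include `domain`. The function body continues past the end of the hunk.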
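Review bot: `sql.NullString` has no JSON marshalling of its own, so with the `json:"domain"` tag the new RawRow field is encoded as an object of the form `{"String":"…","Valid":true}` rather than a plain string or null, and a dump carrying `"domain":"example.com"` would not decode back into it. If RawRow is written to or read from JSON (the tags suggest so, though no encoder is visible here), a `*string` field tagged `json:"domain,omitempty"` keeps the wire format flat, and `rows.Scan` accepts a pointer to it for a nullable column. The hunk shows no import change, so `database/sql` has to be imported in storage.go already.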
@@ -118,8 +120,9 @@
 renewBeforeNanos := cert.RenewBefore.Nanoseconds()
 // 1. Generate placeholders based on strategy (e.g., $1...$10 or ?...?)
- ph := make([]string, 10)
- for i := 0; i < 10; i++ {
+ // Updated from 10 to 11 placeholders for FullChainPEM
+ ph := make([]string, 11)
+ for i := 0; i < 11; i++ {
 ph[i] = s.placeholder(i + 1)
 }
@@ -131,6 +134,7 @@
 cert.Email,
 cert.CertPEM,
 cert.KeyPEM,
+ cert.FullChainPEM, // Added: FullChainPEM
 cert.AccountKey,
 cert.AccountURL,
 cert.IssuerType,
@@ -144,7 +148,8 @@
 // LoadCertificate is largely simplified as only the placeholder needed change.
 func (s *Storage) LoadCertificate(ctx context.Context, domain string) (*CertStorage, error) {
 // Use placeholder(1) and let the strategy handle the SQL dialect
- query := fmt.Sprintf(`SELECT email, cert_pem, key_pem, account_key, account_url, issuer_type, secret_name, enable_rotation, renew_before FROM certificates WHERE domain = %s`, s.placeholder(1))
+ // Updated to include full_chain_pem in the SELECT query
+ query := fmt.Sprintf(`SELECT email, cert_pem, key_pem, full_chain_pem, account_key, account_url, issuer_type, secret_name, enable_rotation, renew_before FROM certificates WHERE domain = %s`, s.placeholder(1))
 row := s.db.QueryRowContext(ctx, query, domain)
@@ -155,6 +160,7 @@
 &cert.Email,
 &cert.CertPEM,
 &cert.KeyPEM,
+ &cert.FullChainPEM, // Added: FullChainPEM
 &cert.AccountKey,
 &cert.AccountURL,
 &cert.IssuerType,
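Review bot: The placeholder count 11 is written twice in this hunk and must also equal the number of values in the argument list changed in the next hunk, so adding a column is a three-place edit with nothing checking it. If the values are collected in a slice before the statement is built, sizing from it with `ph := make([]string, len(args))` and `for i := range ph` removes the literal; `args` stands for that slice, whose real name the diff does not show. Because `cert.FullChainPEM` is inserted between `cert.KeyPEM` and `cert.AccountKey`, the column list of the INSERT (outside both hunks) has to gain `full_chain_pem` at the same position, otherwise every later value, including the account key, is bound to the wrong column. The `// Updated from 10 to 11 …` comment records the edit, not the code, and will be stale at the next change.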
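Review bot: `full_chain_pem` is now selected in LoadCertificate, and likewise in LoadCertificateBySecretName and LoadAllCertificates further down, but no schema or migration change for the `certificates` table appears in this diff; on a database created before this commit these queries would fail unless the column is added elsewhere. Rows stored before the change will hold NULL there, which Scan turns into a nil `FullChainPEM`, so a comment on the field or on these loaders should say what callers are expected to do when it is empty. The column list is now repeated in three statements with only `domain` differing; a shared constant such as `const certColumns = "email, cert_pem, key_pem, full_chain_pem, …"` would keep the Scan order defined in one place.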
@@ -178,7 +184,8 @@
 func (s *Storage) LoadCertificateBySecretName(ctx context.Context, secretName string) (*CertStorage, error) {
 // We expect one result, similar to LoadCertificate, but querying by secret_name.
 // Use placeholder(1) and let the strategy handle the SQL dialect
- query := fmt.Sprintf(`SELECT domain, email, cert_pem, key_pem, account_key, account_url, issuer_type, secret_name, enable_rotation, renew_before FROM certificates WHERE secret_name = %s`, s.placeholder(1))
+ // Updated to include full_chain_pem in the SELECT query
+ query := fmt.Sprintf(`SELECT domain, email, cert_pem, key_pem, full_chain_pem, account_key, account_url, issuer_type, secret_name, enable_rotation, renew_before FROM certificates WHERE secret_name = %s`, s.placeholder(1))
 row := s.db.QueryRowContext(ctx, query, secretName)
@@ -190,6 +197,7 @@
 &cert.Email,
 &cert.CertPEM,
 &cert.KeyPEM,
+ &cert.FullChainPEM, // Added: FullChainPEM
 &cert.AccountKey,
 &cert.AccountURL,
 &cert.IssuerType,
@@ -258,7 +266,8 @@
 // LoadAllCertificates is unchanged from the original, as it didn't have driver logic.
 func (s *Storage) LoadAllCertificates(ctx context.Context) ([]*CertStorage, error) {
- query := `SELECT domain, email, cert_pem, key_pem, account_key, account_url, issuer_type, secret_name, enable_rotation, renew_before FROM certificates`
+ // Updated to include full_chain_pem in the SELECT query
+ query := `SELECT domain, email, cert_pem, key_pem, full_chain_pem, account_key, account_url, issuer_type, secret_name, enable_rotation, renew_before FROM certificates`
 rows, err := s.db.QueryContext(ctx, query)
 if err != nil {
@@ -276,6 +285,7 @@
 &cert.Email,
 &cert.CertPEM,
 &cert.KeyPEM,
+ &cert.FullChainPEM, // Added: FullChainPEM
 &cert.AccountKey,
 &cert.AccountURL,
 &cert.IssuerType,