How to configure ingress with tls.crt and tls.key from a trusted CA using my domain xyz.com and IP: 10.10.10.10?

I would like to have TLS Certificate with my domain. Can you provide me with the settings for values.yaml to be changed to configure ingress with tls.crt and tls.key from a trusted CA using my domain abc.xyz.com and IP: 10.10.10.10?

Note: I updated the IPs and domain for security reasons.

I tried to update the ingress section in values.yaml:

  ingress:
    enabled: true
    labels: {}
    annotations:
      kubernetes.io/ingress.class: nginx
      cert-manager.io/cluster-issuer: "letsencrypt-prod"
      nginx.ingress.kubernetes.io/ssl-redirect: "true"
      nginx.ingress.kubernetes.io/whitelist-source-range: "10.10.10.0/24"
    ingressClassName: "nginx"
    pathType: Prefix
    activeService: true
    hosts:
      - host: abc.xyz.com
        paths: []
    extraPaths: []
    tls:
      - secretName: vault-tls
        hosts:
          - abc.xyz.com
    loadBalancerIP: 10.10.10.10
  hostAliases: []
  route:
    enabled: false
    activeService: true
    labels: {}
    annotations: {}
    host: chart-example.local
    tls:
      termination: passthrough
  authDelegator:
    enabled: true
  extraInitContainers: null
  extraContainers: null
  shareProcessNamespace: false
  extraArgs: ""
  extraPorts: null
  readinessProbe:
    enabled: true
    port: 8200
    failureThreshold: 2
    initialDelaySeconds: 5
    periodSeconds: 5
    successThreshold: 1
    timeoutSeconds: 3
  livenessProbe:
    enabled: false
    execCommand: []
    path: "/v1/sys/health?standbyok=true"
    port: 8200
    failureThreshold: 2
    initialDelaySeconds: 60
    periodSeconds: 5
    successThreshold: 1
    timeoutSeconds: 3

When I run:

kubectl get ingress  
NAME    CLASS   HOSTS                  ADDRESS        PORTS     AGE
vault   nginx   abc.xyz.com   5.5.99.30   80, 443   2m10s

I get a random IP Address. So, this cannot work (cannot validate the TLS Certificate) as my domain abc.xyz.com refers to IP: 10.10.10.10.