diff --git a/packages/system/bucket/templates/ingress.yaml b/packages/system/bucket/templates/ingress.yaml
index 759ce397..50494922 100644
--- a/packages/system/bucket/templates/ingress.yaml
+++ b/packages/system/bucket/templates/ingress.yaml
@@ -1,6 +1,7 @@
 {{- $myNS := lookup "v1" "Namespace" "" .Release.Namespace }}
 {{- $host := index $myNS.metadata.annotations "namespace.cozystack.io/host" }}
 {{- $ingress := index $myNS.metadata.annotations "namespace.cozystack.io/ingress" }}
+{{- $issuerType := (index $cozyConfig.data "clusterissuer") | default "http01" }}
 
 apiVersion: networking.k8s.io/v1
 kind: Ingress
@@ -13,8 +14,16 @@ metadata:
     nginx.ingress.kubernetes.io/proxy-body-size: "0"
     nginx.ingress.kubernetes.io/proxy-read-timeout: "99999"
     nginx.ingress.kubernetes.io/proxy-send-timeout: "99999"
+    {{- if ne $issuerType "cloudflare" }}
+    acme.cert-manager.io/http01-ingress-class: {{ $ingress }}
+    {{- end }}
+    cert-manager.io/cluster-issuer: letsencrypt-prod
 spec:
   ingressClassName: {{ $ingress }}
+  tls:
+    - hosts:
+        - "{{ .Values.bucketName }}.{{ $host }}"
+      secretName: {{ .Values.bucketName }}-ui-tls
   rules:
   - host: {{ .Values.bucketName }}.{{ $host }}
     http: