diff --git a/helm/happa/templates/happaapi-ingress.yaml b/helm/happa/templates/happaapi-ingress.yaml
index 68908553ec..181a121c57 100644
--- a/helm/happa/templates/happaapi-ingress.yaml
+++ b/helm/happa/templates/happaapi-ingress.yaml
@@ -17,9 +17,10 @@ metadata:
     nginx.ingress.kubernetes.io/cors-allow-headers: DNT, X-CustomHeader, Keep-Alive, User-Agent, X-Requested-With, If-Modified-Since, Cache-Control, Content-Type, Authorization, Impersonate-User, Impersonate-Group
     nginx.ingress.kubernetes.io/enable-cors: "true"
 
-    {{- if .Values.happaapi.letsencrypt }}
-    kubernetes.io/tls-acme: "true"
+    {{- if .Values.ingress.tls.letsencrypt }}
     cert-manager.io/cluster-issuer: "letsencrypt-giantswarm"
+    {{- else if ne .Values.ingress.tls.clusterIssuer "" }}
+    cert-manager.io/cluster-issuer: {{ .Values.ingress.tls.clusterIssuer }}
     {{- end }}
 
     {{- if .Values.security.restrictAccess.api }}
diff --git a/helm/happa/templates/ingress.yaml b/helm/happa/templates/ingress.yaml
index 78fce21137..ef39c6212b 100644
--- a/helm/happa/templates/ingress.yaml
+++ b/helm/happa/templates/ingress.yaml
@@ -10,9 +10,10 @@ metadata:
   labels:
     app: happa
   annotations:
-    {{- if .Values.happa.letsencrypt }}
-    kubernetes.io/tls-acme: "true"
+    {{- if .Values.ingress.tls.letsencrypt }}
     cert-manager.io/cluster-issuer: "letsencrypt-giantswarm"
+    {{- else if ne .Values.ingress.tls.clusterIssuer "" }}
+    cert-manager.io/cluster-issuer: {{ .Values.ingress.tls.clusterIssuer }}
     {{- end }}
     {{- if .Values.security.restrictAccess.api }}
     nginx.ingress.kubernetes.io/whitelist-source-range: {{ template "whitelistCIDR" . }}
diff --git a/helm/happa/values.yaml b/helm/happa/values.yaml
index c8353bac66..64ed56ebf7 100644
--- a/helm/happa/values.yaml
+++ b/helm/happa/values.yaml
@@ -43,6 +43,8 @@ gcp:
 
 ingress:
   tls:
+    letsencrypt: false
+    clusterIssuer: ""
     crtPemB64: ""
     keyPemB64: ""
 
@@ -57,7 +59,6 @@ kubernetes:
 happa:
   address: ""
   host: ""
-  letsencrypt: false
   featureFlags:
     mapiAuth: false
     mapiClusters: false
@@ -66,7 +67,6 @@ happa:
 happaapi:
   address: ""
   host: ""
-  letsencrypt: false
 
 athena:
   address: ""