diff --git a/ansible/group_vars/all/oas.yml b/ansible/group_vars/all/oas.yml
index a13727b336a0711b20671dac24a80b38b441d20a..95d9797fd922ea4761c52d77619308a15c392302 100644
--- a/ansible/group_vars/all/oas.yml
+++ b/ansible/group_vars/all/oas.yml
@@ -32,7 +32,13 @@ git_local_storage_version: 'HEAD'
 git_nextcloud_version: 'd882b6952c32b5cce03e6ad9a534035ce6f01230'
 
 # Application versions
-# https://github.com/kubernetes-sigs/krew/releases
+helm:
+  # helm snap 2.15 broke for us
+  # (https://open.greenhost.net/openappstack/openappstack/issues/338), so we
+  # use a pinned version for now.
+  # We use the official helm install script for now which has no checksum.
+  version: '2.14.3'
+
 helmfile:
   # At the moment, helmfile doesn't provide sha256 sums,
   # see https://github.com/roboll/helmfile/issues/654
diff --git a/ansible/roles/apps/tasks/cert-manager.yml b/ansible/roles/apps/tasks/cert-manager.yml
index 76c584035d64d22b872aa2a4e1e8a67c44b3684e..72e451e495d62324cb5d79c25b776aa4cfcd001d 100644
--- a/ansible/roles/apps/tasks/cert-manager.yml
+++ b/ansible/roles/apps/tasks/cert-manager.yml
@@ -47,7 +47,7 @@
   shell: |
     set -e -x -o pipefail
     /usr/local/bin/helmfile \
-    -b /snap/bin/helm \
+    -b /usr/local/bin/helm \
     -e oas \
     -f {{ data_directory }}/source/helmfiles/helmfile.d/05-cert-manager.yaml \
     apply \
diff --git a/ansible/roles/apps/tasks/helmfiles.yml b/ansible/roles/apps/tasks/helmfiles.yml
index 2945f25d8223b7a615ea53b89441af59e6511e8b..ea30fda67819245c4b666202f0b4c3ab1bcee475 100644
--- a/ansible/roles/apps/tasks/helmfiles.yml
+++ b/ansible/roles/apps/tasks/helmfiles.yml
@@ -115,7 +115,7 @@
     - ONLYOFFICE_RABBITMQ_PASSWORD: "{{ onlyoffice_rabbitmq_password }}"
   shell: |
     set -e -x -o pipefail
-    /usr/local/bin/helmfile -b /snap/bin/helm -e oas \
+    /usr/local/bin/helmfile -b /usr/local/bin/helm -e oas \
     -f {{ data_directory }}/source/helmfiles/helmfile.d/20-nextcloud.yaml \
     apply --suppress-secrets \
     | sed 's/\x1B\[[0-9;]*[JKmsu]//g' \
diff --git a/ansible/roles/configure/tasks/main.yml b/ansible/roles/configure/tasks/main.yml
index 3142009593cdf25f7a3cdf26fa4778add4c4de50..6ef0ad579ed40e2e11770776676d899a30676001 100644
--- a/ansible/roles/configure/tasks/main.yml
+++ b/ansible/roles/configure/tasks/main.yml
@@ -49,31 +49,63 @@
   set_fact:
     configuration_directory: "{{ configuration_directory }}"
 
-- name: Install helm snap
-  # helm needs to get installed as "classic" snap
-  command: snap install --classic helm
+- name: Remove old helm snap installation
+  tags:
+    - helm
+  command: snap remove helm
   args:
-    creates: /snap/bin/helm
+    removes: /snap/bin/helm
 
-- name: Create kubectl symlink to /usr/local/bin
-  file:
-    state: link
-    src: /snap/bin/helm
-    dest: /usr/local/bin/helm
+- name: Get current helm version
+  tags:
+    - helm
+  shell: helm version | grep 'Client' | cut -d'"' -f 2 | tr -d 'v'
+  failed_when: false
+  register: helm_version
+  changed_when: false
+
+- name: Show current helm version
+  tags:
+    - helm
+    - debug
+  debug:
+    msg: 'Current helm version is: {{ helm_version.stdout }}'
+
+- name: Download helm install script
+  tags:
+    - helm
+  get_url:
+    url: https://raw.githubusercontent.com/helm/helm/master/scripts/get
+    dest: /usr/local/bin/get-helm
+    force: yes
+    mode: '0755'
+  become: true
+
+- name: Install helm
+  tags:
+    - helm
+  command: /usr/local/bin/get-helm --version v{{ helm.version }}
+  when: helm_version.stdout != helm.version
 
 - name: Create helm plugins config directory
+  tags:
+    - helm
   file:
     state: directory
     path: /root/.helm/plugins
 
 - name: Install helm diff plugin
-  command: /snap/bin/helm plugin install https://github.com/databus23/helm-diff
+  tags:
+    - helm
+  command: /usr/local/bin/helm plugin install https://github.com/databus23/helm-diff
   args:
     creates: /root/.helm/plugins/helm-diff
 
 - name: Install helm git plugin
+  tags:
+    - helm
   # Use GH version until https://github.com/aslafy-z/helm-git/pull/11 is merged
-  command: /snap/bin/helm plugin install https://github.com/greenhost/helm-git --version bash-support
+  command: /usr/local/bin/helm plugin install https://github.com/greenhost/helm-git --version bash-support
   args:
     creates: /root/.helm/plugins/helm-git
 
diff --git a/ansible/roles/setup/tasks/tiller.yml b/ansible/roles/setup/tasks/tiller.yml
index 37fa1cf5a231012d87ad71c8d8d41a3821033369..e0570fdef0b993d604b78a801da342bb65237205 100644
--- a/ansible/roles/setup/tasks/tiller.yml
+++ b/ansible/roles/setup/tasks/tiller.yml
@@ -32,7 +32,7 @@
   tags:
     - helm
     - tiller
-  command: /snap/bin/helm ls
+  command: /usr/local/bin/helm ls
   failed_when: false
   register: helm_ls
   changed_when: false
@@ -41,7 +41,7 @@
   tags:
     - tiller
     - helm
-  command: /snap/bin/helm init --upgrade --service-account=tiller
+  command: /usr/local/bin/helm init --upgrade --service-account=tiller
   when: helm_ls.stderr.find('Error') != -1
 
 - name: Wait for tiller to become available