diff --git a/basic/apps/dev/gitea-values-configmap.yaml b/basic/apps/dev/gitea-values-configmap.yaml
index 973627c816a5769cc6a99ea72123da3adf7a5008..f2bad1f829f073878a56a773e17a2fabcf2e56cb 100644
--- a/basic/apps/dev/gitea-values-configmap.yaml
+++ b/basic/apps/dev/gitea-values-configmap.yaml
@@ -10,6 +10,7 @@ data:
       enabled: true
       annotations:
         kubernetes.io/tls-acme: "true"
+        certmanager.k8s.io/cluster-issuer: letsencrypt-issuer-staging
       hosts:
         - host: "dev.${domain}"
           paths:
@@ -19,7 +20,6 @@ data:
         - secretName: gitea-tls
           hosts:
             - "dev.${domain}"
-            - "tempdev.${domain}"
     gitea:
       oauth:
         - name: Stackspin
diff --git a/basic/apps/do/vikunja-values-configmap.yaml b/basic/apps/do/vikunja-values-configmap.yaml
index ca8abff70b3265ae5f24389db14e0fe861884f15..70ff3dbe4b916dab6efa287b5a42e622772b570b 100644
--- a/basic/apps/do/vikunja-values-configmap.yaml
+++ b/basic/apps/do/vikunja-values-configmap.yaml
@@ -29,6 +29,7 @@ data:
         primary: false
         annotations:
           kubernetes.io/tls-acme: "true"
+          certmanager.k8s.io/cluster-issuer: letsencrypt-issuer-staging
         hosts:
           - host: "do.${domain}"
             paths:
@@ -38,7 +39,6 @@ data:
           - secretName: vikunja
             hosts:
               - "do.${domain}"
-              - "tempdo.${domain}"
     additionalContainers:
       api:
         image: vikunja/api:0.18.1
diff --git a/basic/apps/people/suitecrm-values-configmap.yaml b/basic/apps/people/suitecrm-values-configmap.yaml
index afd5bde5499bd94811fa336e4866216aed667885..6d90d96231203b0c662692f097a60c63538988b3 100644
--- a/basic/apps/people/suitecrm-values-configmap.yaml
+++ b/basic/apps/people/suitecrm-values-configmap.yaml
@@ -10,6 +10,7 @@ data:
       enabled: true
       annotations:
         kubernetes.io/tls-acme: "true"
+        certmanager.k8s.io/cluster-issuer: letsencrypt-issuer-staging
       hostname: "people.${domain}"
       tls: true
       #  - secretName: suitecrm-tls
diff --git a/basic/overrides/cluster-issuer-staging.yaml b/basic/overrides/cluster-issuer-staging.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..c1e38a67e6770795ae0cae149eb3cf7c2efd323d
--- /dev/null
+++ b/basic/overrides/cluster-issuer-staging.yaml
@@ -0,0 +1,18 @@
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-issuer-staging
+spec:
+  acme:
+    email: ${admin_email}
+    # overwrite this to "https://acme-staging-v02.api.letsencrypt.org/directory" for staging
+    server: "https://acme-staging-v02.api.letsencrypt.org/directory"
+    privateKeySecretRef:
+      # Secret resource used to store the account's private key.
+      name: letsencrypt-account-key
+    # Enable the HTTP01 challenge mechanism for this Issuer
+    solvers:
+    - http01:
+        ingress:
+          class: nginx