diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index fe648a53adc3a43d236423613c989af32ed1d9cb..211ed96f2792e2c69e4f8cd46b90a4d3e5e776e5 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -132,7 +132,7 @@ stop_review:
     - auto-deploy delete rollout
     - auto-deploy persist_environment_url
   variables:
-    ADDITIONAL_HOSTS: "www.metager3.de"
+    ADDITIONAL_HOSTS: "www.metager3.de,test.metager.de"
     HELM_UPGRADE_VALUES_FILE: .gitlab/development-values.yaml
     ROLLOUT_RESOURCE_TYPE: deployment
   environment:
diff --git a/.gitlab/production-values.yaml b/.gitlab/production-values.yaml
index c2ab6cb44de47ad1d503faef53eb0b18367a8f4e..f325bae6cb567339fedd418b577821f81ae398d2 100644
--- a/.gitlab/production-values.yaml
+++ b/.gitlab/production-values.yaml
@@ -44,6 +44,23 @@ resources:
     cpu: 500m
     memory: 500M
 ingress:
+  tls:
+    enabled: true
+    custom:
+      tls:
+      - hosts:
+        - metager.de
+        - www.metager.de
+        secretName: metager-de-tls
+      - hosts:
+        - metager.org
+        - www.metager.org
+        - klassik.metager.org
+        secretName: metager-org-tls
+      - hosts:
+        - metager.es
+        - www.metager.es
+        secretName: production-auto-deploy-tls
   annotations:
     cert-manager.io/cluster-issuer: letsencrypt-prod
     nginx.ingress.kubernetes.io/configuration-snippet: |
diff --git a/.gitlab/review-apps-values.yaml b/.gitlab/review-apps-values.yaml
index 84803a4b2a3561e85447a38ea42ce805b25029bd..ca75fb793f423cf9903119076af9b7cd4d35fff3 100644
--- a/.gitlab/review-apps-values.yaml
+++ b/.gitlab/review-apps-values.yaml
@@ -7,7 +7,6 @@ resources:
   limits:
 ingress: 
   annotations: 
-    kubernetes.io/tls-acme: "false"
     nginx.ingress.kubernetes.io/ssl-redirect: "false"
     nginx.ingress.kubernetes.io/configuration-snippet: |
       more_set_headers "Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline'; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; connect-src 'self'; media-src; object-src; prefetch-src; child-src; frame-src 'self'; worker-src; frame-ancestors 'self' https://scripts.zdv.uni-mainz.de; form-action 'self' www.paypal.com; base-uri; manifest-src; plugin-types; report-uri; report-to";
@@ -19,7 +18,8 @@ ingress:
         more_set_headers "X-Frame-Options: allow-from https://scripts.zdv.uni-mainz.de/";
       }
   tls: 
-    enabled: false
+    enabled: true
+    secretName: "metager-de-tls"
 service: 
   commonName: ""
   externalPort: 80
diff --git a/chart/templates/ingress.yaml b/chart/templates/ingress.yaml
index b315cdbbd8db857965369e30427064371dc7df55..044c6fad45a0bf6ce53a10fbb805abd6de44f0ef 100644
--- a/chart/templates/ingress.yaml
+++ b/chart/templates/ingress.yaml
@@ -31,6 +31,9 @@ metadata:
 {{- end }}
 spec:
 {{- if .Values.ingress.tls.enabled }}
+{{- if .Values.ingress.tls.custom }}
+{{ toYaml .Values.ingress.tls.custom | indent 2 }}
+{{- else }}
   tls:
   - hosts:
 {{- if .Values.service.commonName }}
@@ -43,6 +46,7 @@ spec:
 {{- end -}}
 {{- end }}
     secretName: {{ .Values.ingress.tls.secretName | default (printf "%s-tls" (include "fullname" .)) }}
+{{- end }}
 {{- end }}
   rules:
   - host: {{ template "hostname" .Values.service.url }}