diff --git a/autoconf/src/Config.py b/autoconf/src/Config.py
index 79dd726..09e7ef6 100644
--- a/autoconf/src/Config.py
+++ b/autoconf/src/Config.py
@@ -8,10 +8,11 @@ from logger import log class Config : - def __init__(self, type, api_uri, lock=None) : + def __init__(self, type, api_uri, lock=None, http_port="8080") : self.__type = type self.__api_uri = api_uri self.__lock = lock + self.__http_port = http_port def __jobs(self) : log("config", "INFO", "starting jobs ...")
@@ -145,16 +146,16 @@ class Config : try : dns_result = dns.resolver.query("tasks." + name) for ip in dns_result : - urls.append("http://" + ip.to_text() + ":8080" + self.__api_uri + path) + urls.append("http://" + ip.to_text() + ":" + self.__http_port + self.__api_uri + path) except : ret = False elif self.__type == Controller.Type.KUBERNETES : for instance in instances : name = instance.metadata.name try : - dns_result = dns.resolver.query(name + ".default.svc.cluster.local") + dns_result = dns.resolver.query(name + "." + instance.metadata.namespace + ".svc.cluster.local") for ip in dns_result : - urls.append("http://" + ip.to_text() + ":8080" + self.__api_uri + path) + urls.append("http://" + ip.to_text() + ":" + self.__http_port + self.__api_uri + path) except : ret = False
diff --git a/autoconf/src/Controller.py b/autoconf/src/Controller.py
index a454599..ed33b43 100644
--- a/autoconf/src/Controller.py
+++ b/autoconf/src/Controller.py
@@ -10,8 +10,8 @@ class Type(Enum) : class Controller(ABC) : - def __init__(self, type, api_uri=None, lock=None) : - self._config = Config(type, api_uri, lock) + def __init__(self, type, api_uri=None, lock=None, http_port="8080") : + self._config = Config(type, api_uri, lock=lock, http_port=http_port) self.lock = lock @abstractmethod
diff --git a/autoconf/src/IngressController.py b/autoconf/src/IngressController.py
index b0db067..a8e02a5 100644
--- a/autoconf/src/IngressController.py
+++ b/autoconf/src/IngressController.py
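Review bot: `http_port` is accepted as a free-form string and, in the second hunk of this file, concatenated straight into the API URLs, so nothing checks that it is a port number; a bad `HTTP_PORT` value only surfaces later as failed API calls with no hint about the cause. A single check at the boundary — app.py's `os.getenv("HTTP_PORT", "8080")` in this commit, or `self.__http_port = str(int(http_port))` here — would make the misconfiguration fail at startup. The literal default `"8080"` is also repeated in Controller.__init__ and in app.py; one shared constant would keep the three from drifting.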
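Review bot: The new query string reads `instance.metadata.namespace` inside the same `try` whose bare `except :` swallows everything, so an instance whose namespace is unset (a TypeError on the concatenation) is indistinguishable from a DNS failure and silently flips `ret` to False. Build the name before the `try` and narrow the handler to resolver errors, e.g. `except dns.exception.DNSException :` (if `dns.exception` is in scope), so programming errors surface instead of being masked; the same bare except wraps the Swarm branch above it. The enclosing method starts and ends outside the hunk.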
@@ -8,8 +8,8 @@ from logger import log class IngressController(Controller.Controller) : - def __init__(self, api_uri) : - super().__init__(Controller.Type.KUBERNETES, api_uri=api_uri, lock=Lock()) + def __init__(self, api_uri, http_port) : + super().__init__(Controller.Type.KUBERNETES, api_uri=api_uri, lock=Lock(), http_port=http_port) config.load_incluster_config() self.__api = client.CoreV1Api() self.__extensions_api = client.ExtensionsV1beta1Api()
@@ -78,6 +78,10 @@ class IngressController(Controller.Controller) : first_servers.extend(env["SERVER_NAME"].split(" ")) for ingress in ingresses : env.update(self.__rules_to_env(ingress.spec.rules)) + if ingress.spec.tls : + for tls_entry in ingress.spec.tls : + for host in tls_entry.hosts : + env[host + "_AUTO_LETS_ENCRYPT"] = "yes" if "SERVER_NAME" in env and env["SERVER_NAME"] != "" : first_servers.extend(env["SERVER_NAME"].split(" ")) for service in services :
diff --git a/autoconf/src/SwarmController.py b/autoconf/src/SwarmController.py
index 1b194b9..61a2923 100644
--- a/autoconf/src/SwarmController.py
+++ b/autoconf/src/SwarmController.py
@@ -7,8 +7,8 @@ import Controller class SwarmController(Controller.Controller) : - def __init__(self, docker_host, api_uri) : - super().__init__(Controller.Type.SWARM, api_uri=api_uri, lock=Lock()) + def __init__(self, docker_host, api_uri, http_port) : + super().__init__(Controller.Type.SWARM, api_uri=api_uri, lock=Lock(), http_port=http_port) self.__client = docker.DockerClient(base_url=docker_host) def __get_instances(self) :
diff --git a/autoconf/src/app.py b/autoconf/src/app.py
index 0d57211..82e416c 100644
--- a/autoconf/src/app.py
+++ b/autoconf/src/app.py
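Review bot: `hosts` is optional on an Ingress TLS entry (the client object then carries None), so the innermost `for` in the new block raises TypeError for a TLS entry that omits it and aborts the whole environment build; `for host in tls_entry.hosts or [] :` keeps the loop safe. Hosts may also be wildcards such as `*.example.com`; since the certificate is obtained through the webroot include added elsewhere in this commit (an HTTP-01 flow), a wildcard host would presumably yield an `_AUTO_LETS_ENCRYPT` key the challenge cannot satisfy, so skipping or logging hosts that start with `*` may be worth doing here. The enclosing method starts and ends outside the hunk.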
@@ -15,14 +15,15 @@ swarm = os.getenv("SWARM_MODE", "no") == "yes" kubernetes = os.getenv("KUBERNETES_MODE", "no") == "yes" api_uri = os.getenv("API_URI", "") docker_host = os.getenv("DOCKER_HOST", "unix:///var/run/docker.sock") +http_port = os.getenv("HTTP_PORT", "8080") # Instantiate the controller if swarm : log("autoconf", "INFO", "swarm mode detected") - controller = SwarmController(docker_host, api_uri) + controller = SwarmController(docker_host, api_uri, http_port) elif kubernetes : log("autoconf", "INFO", "kubernetes mode detected") - controller = IngressController(api_uri) + controller = IngressController(api_uri, http_port) else : log("autoconf", "INFO", "docker mode detected") controller = DockerController(docker_host)
diff --git a/confs/global/multisite-default-server-https.conf b/confs/global/multisite-default-server-https.conf
index fae416c..65ae1a5 100644
--- a/confs/global/multisite-default-server-https.conf
+++ b/confs/global/multisite-default-server-https.conf
@@ -10,4 +10,3 @@ ssl_session_cache shared:MozSSL:10m; ssl_dhparam /etc/nginx/dhparam; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; {% endif +%} -include /etc/nginx/multisite-default-server-lets-encrypt-webroot.conf;
diff --git a/confs/global/multisite-default-server.conf b/confs/global/multisite-default-server.conf
index 22ece54..48378ce 100644
--- a/confs/global/multisite-default-server.conf
+++ b/confs/global/multisite-default-server.conf
@@ -2,6 +2,7 @@ server { {% if LISTEN_HTTP == "yes" %}listen 0.0.0.0:{{ HTTP_PORT }} default_server{% endif +%}; server_name _; {% if has_value("AUTO_LETS_ENCRYPT", "yes") %}include /etc/nginx/multisite-default-server-https.conf;{% endif +%} + include /etc/nginx/multisite-default-server-lets-encrypt-webroot.conf; {% if USE_API == "yes" %} location ^~ {{ API_URI }} { include /etc/nginx/api.conf;
diff --git a/helpers/kubernetes-ingress.yml b/helpers/kubernetes-ingress.yml
index b54e697..f3005e4 100644
--- a/helpers/kubernetes-ingress.yml
+++ b/helpers/kubernetes-ingress.yml
@@ -16,6 +16,9 @@ metadata: # add "static" routes here (see https://kubernetes.io/docs/concepts/services-networking/ingress/) # and/or add annotations to your services (see https://github.com/bunkerity/bunkerized-nginx/tree/master/examples/kubernetes) spec: + tls: + - hosts: + - app.example.com rules: - host: "app.example.com" http:
diff --git a/helpers/kubernetes-nginx.yml b/helpers/kubernetes-nginx.yml
index 10656ab..8001eec 100644
--- a/helpers/kubernetes-nginx.yml
+++ b/helpers/kubernetes-nginx.yml
@@ -17,17 +17,13 @@ spec: serviceAccountName: bunkerized-nginx-ingress-controller containers: - name: bunkerized-nginx-autoconf - image: bunkerity/bunkerized-nginx-autoconf:testing - imagePullPolicy: Always + image: bunkerity/bunkerized-nginx-autoconf + #imagePullPolicy: Always env: - name: KUBERNETES_MODE value: "yes" - name: API_URI value: "/ChangeMeToSomethingHardToGuess" - - name: SERVER_NAME - value: "" - - name: MULTISITE - value: "yes" volumeMounts: - name: confs mountPath: /etc/nginx
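Review bot: The added `include` of the Let's Encrypt webroot config is unconditional, whereas the line it replaces (removed from multisite-default-server-https.conf in this commit) was only reached through the `has_value("AUTO_LETS_ENCRYPT", "yes")` guard visible on the line above, so every deployment now serves the ACME challenge location on the default server even when no site uses Let's Encrypt. Moving the include next to the plain-HTTP listener is the right place for an HTTP-01 flow, but keep the guard: `{% if has_value("AUTO_LETS_ENCRYPT", "yes") %}include /etc/nginx/multisite-default-server-lets-encrypt-webroot.conf;{% endif +%}`. That keeps the exposed surface of the default server the same as before the commit.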
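Review bot: The example `tls:` entry lists a host but no `secretName`, which readers used to stock ingress controllers will take for a mistake; presumably it is intentional, because the IngressController change in this commit maps every TLS host to `<host>_AUTO_LETS_ENCRYPT` and the certificate is requested automatically. A comment above the block would make that explicit, e.g. `# no secretName needed: the certificate for the listed hosts is obtained automatically via Let's Encrypt`.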
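Review bot: Dropping the `:testing` tag leaves `image: bunkerity/bunkerized-nginx-autoconf` floating on `latest`, so each node pull can silently pick up a different build of a container that runs under the `bunkerized-nginx-ingress-controller` service account; pin a release tag (or an image digest) instead. The same untagged image is introduced for the `bunkerized-nginx` container in the next hunk. The `#imagePullPolicy: Always` lines are commented-out configuration and should be deleted or kept active; with no tag, Kubernetes defaults the pull policy to Always anyway, so commenting them out changes nothing but leaves the reader guessing.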
@@ -85,12 +81,15 @@ spec: name: bunkerized-nginx bunkerized-nginx: "yes" spec: - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet containers: - name: bunkerized-nginx - image: bunkerity/bunkerized-nginx:testing - imagePullPolicy: Always + image: bunkerity/bunkerized-nginx + #imagePullPolicy: Always + ports: + - containerPort: 8080 + hostPort: 80 + - containerPort: 8443 + hostPort: 443 env: - name: KUBERNETES_MODE value: "yes"