diff --git a/.helm/templates/20-ingress-tuf-router.yaml b/.helm/templates/20-ingress-tuf-router.yaml
index ab9297a98..89caeb1fa 100644
--- a/.helm/templates/20-ingress-tuf-router.yaml
+++ b/.helm/templates/20-ingress-tuf-router.yaml
@@ -2,8 +2,8 @@
 {{- if  hasPrefix "review" .Values.werf.env }}
 {{- $host = ( printf "%s.%s" .Values.werf.env (pluck "dev" .Values.host | first | default .Values.host._default ) | lower ) }}
 {{- end }}
-{{- $targetCluster := include "targetCluster" . }}
 {{- $ruHost := pluck .Values.werf.env .Values.ruHost | first | default (printf "ru.%s" $host) }}
+{{- $ingressSecretName := pluck .Values.werf.env .Values.ingressSecretName | first | default .Values.ingressSecretName._default }}
 
 apiVersion: networking.k8s.io/v1
 kind: Ingress
@@ -14,20 +14,15 @@ spec:
   ingressClassName: {{ include "ingressClassName" . }}
   tls:
   - hosts:
+      - {{ $host }}
 {{- if eq .Values.werf.env "production" }}
-{{- if eq $targetCluster "ru" }}
       - {{ $ruHost }}
+    secretName: {{ $ingressSecretName }}
 {{- else }}
-      - {{ $host }}
-{{- end }}
-    secretName: tls-{{ $host }}
-{{- else }}
-      - {{ $host }}
       - ru-{{ $host }}
-    secretName: {{ pluck .Values.werf.env .Values.ingressSecretName | first | default .Values.ingressSecretName._default }}
+    secretName: {{ $ingressSecretName }}
 {{- end }}
   rules:
-{{- if or (ne .Values.werf.env "production") (eq $targetCluster "eu") }}
   - host: {{ $host }}
     http:
       paths:
@@ -45,9 +40,7 @@ spec:
             name: tuf-router
             port:
               name: http
-{{- end }}
 {{- if eq .Values.werf.env "production" }}
-{{- if eq $targetCluster "ru" }}
   - host: {{ $ruHost }}
     http:
       paths:
@@ -65,7 +58,6 @@ spec:
             name: tuf-router
             port:
               name: http
-{{- end }}
 {{- else }}
   - host: ru-{{ $host }}
     http:
diff --git a/.helm/templates/20-ingress.yaml b/.helm/templates/20-ingress.yaml
index 3ad374134..e78dd441f 100644
--- a/.helm/templates/20-ingress.yaml
+++ b/.helm/templates/20-ingress.yaml
@@ -2,9 +2,9 @@
 {{- if  hasPrefix "review" .Values.werf.env }}
 {{- $host = ( printf "%s.%s" .Values.werf.env (pluck "dev" .Values.host | first | default .Values.host._default ) | lower ) }}
 {{- end }}
-{{- $targetCluster := include "targetCluster" . }}
 {{- $ruHost := pluck .Values.werf.env .Values.ruHost | first | default (printf "ru.%s" $host) }}
 {{- $wwwHost := printf "www.%s" $host }}
+{{- $ingressSecretName := pluck .Values.werf.env .Values.ingressSecretName | first | default .Values.ingressSecretName._default }}
 {{- if eq .Values.werf.env "production" }}
 ---
 apiVersion: networking.k8s.io/v1
@@ -22,15 +22,11 @@ spec:
   ingressClassName: {{ include "ingressClassName" . }}
   tls:
   - hosts:
-{{- if eq $targetCluster "ru" }}
-      - {{ $ruHost }}
-{{- else }}
       - {{ $host }}
       - {{ $wwwHost }}
-{{- end }}
-    secretName: tls-{{ $host }}
+      - {{ $ruHost }}
+    secretName: {{ $ingressSecretName }}
   rules:
-{{- if eq $targetCluster "eu" }}
   - host: {{ $host }}
     http:
       paths:
@@ -41,7 +37,6 @@ spec:
             name: backend
             port:
               name: http
-{{- else }}
   - host: {{ $ruHost }}
     http:
       paths:
@@ -52,7 +47,6 @@ spec:
             name: backend
             port:
               name: http
-{{- end }}
 {{- else }}
 ---
 apiVersion: networking.k8s.io/v1
@@ -73,7 +67,7 @@ spec:
   tls:
   - hosts:
       - {{ $host }}
-    secretName: {{ pluck .Values.werf.env .Values.ingressSecretName | first | default .Values.ingressSecretName._default }}
+    secretName: {{ $ingressSecretName }}
   rules:
   - host: {{ $host }}
     http:
@@ -104,7 +98,7 @@ spec:
   tls:
   - hosts:
       - ru-{{ $host }}
-    secretName: {{ pluck .Values.werf.env .Values.ingressSecretName | first | default .Values.ingressSecretName._default }}
+    secretName: {{ $ingressSecretName }}
   rules:
   - host: ru-{{ $host }}
     http:
@@ -118,27 +112,3 @@ spec:
               name: http
 {{- end }}
 
-{{- if eq .Values.werf.env "production" }}
----
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: {{ .Chart.Name }}-cert
-spec:
-  secretName: tls-{{ $host }}
-  issuerRef:
-    kind: ClusterIssuer
-    name: {{ include "certificateIssuerName" . }}
-{{- if eq $targetCluster "ru" }}
-  commonName: {{ $ruHost }}
-{{- else }}
-  commonName: {{ $host }}
-{{- end }}
-  dnsNames:
-{{- if eq $targetCluster "ru" }}
-  - {{ $ruHost }}
-{{- else }}
-  - {{ $host }}
-  - {{ $wwwHost }}
-{{- end }}
-{{- end }}
diff --git a/.helm/values.yaml b/.helm/values.yaml
index d5eb4fed9..9de31e0a5 100644
--- a/.helm/values.yaml
+++ b/.helm/values.yaml
@@ -32,14 +32,12 @@ ingressClassName:
   _default: "nginx"
   production: "standalone-geo"
 
-certificateIssuerName:
-  _default: letsencrypt
-  production: letsencrypt-standalone-geo
 
 ingressSecretName:
   _default: wildcard-dev-flant-dev
   test: wildcard-test-flant-dev
   stage: wildcard-stage-flant-dev
+  production: tls-werf-io
 
 resources:
   requests: