diff --git a/base/ingress.k b/base/ingress.k
index 7057670..11effa0 100644
--- a/base/ingress.k
+++ b/base/ingress.k
@@ -12,9 +12,6 @@ httpServiceRender = lambda h: HTTPService {
         kind = "Ingress"
         metadata = {
             name = h.service
-            annotations = {
-                "cert-manager.io/issuer": "letsencrypt"
-            }
         }
         spec = {
             rules = [{
@@ -38,3 +35,26 @@ httpServiceRender = lambda h: HTTPService {
     }
     [ingress]
 }
+
+certInjector = lambda input: networkingv1.Ingress | any {
+    """Inject cert to Ingress"""
+    _result: any = {}
+    if input.kind != "Ingress":
+        _result = input
+    else:
+        ingress: networkingv1.Ingress = input as networkingv1.Ingress
+        print(ingress)
+        ingress.metadata.annotations = {"cert-manager.io/issuer" = "letsencrypt"}
+        ingress.spec.tls = [{
+            hosts = [r.host for r in ingress.spec.rules]
+            secretName = "tls-" + ingress.metadata.name
+        }]
+        _result = ingress
+    _result
+}
+
+httpServiceRefine = lambda h: HTTPService {
+    ingress = httpServiceRender(h)
+    ingress2 = certInjector(ingress[0])
+    ingress2
+}
diff --git a/main.k b/main.k
index 082b45a..a51b5bc 100644
--- a/main.k
+++ b/main.k
@@ -26,15 +26,17 @@ envs = base.Envs {
 
 http = base.HTTPService {
     service = "nginxxx"
-    domain = "nginxxx.ve.suyiiyii.top"
+    domain = prefix + "nginxxx.ve.suyiiyii.top"
 }
 
+prefix = option(prefix, "str", False, "")
 deploys = sum([base.appRender(a) for a in apps], [])
 
 apps_manifests = [base.envInjector(envs, deploy) for deploy in deploys]
 
-ingresses = [base.httpServiceRender(http)]
+ingresses = [base.httpServiceRefine(http)]
 
 env_manifests = [base.envSecretRender(a) for a in base.Envs.instances()]
 # base.appRender(a)
-manifests.yaml_stream([apps_manifests, env_manifests, ingresses,base.issuer])
+manifests.yaml_stream([apps_manifests, env_manifests, ingresses, base.issuer])
+# print(prefix)