diff --git a/cinder/Chart.yaml b/cinder/Chart.yaml
index e7f3469530..511c86c588 100644
--- a/cinder/Chart.yaml
+++ b/cinder/Chart.yaml
@@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Cinder
 name: cinder
-version: 0.1.7
+version: 0.1.8
 home: https://docs.openstack.org/cinder/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Cinder/OpenStack_Project_Cinder_vertical.png
 sources:
diff --git a/cinder/values_overrides/tls.yaml b/cinder/values_overrides/tls.yaml
index 9b97c7c3b3..3849cde9ca 100644
--- a/cinder/values_overrides/tls.yaml
+++ b/cinder/values_overrides/tls.yaml
@@ -97,7 +97,6 @@ endpoints:
           secretName: cinder-tls-api
           issuerRef:
             name: ca-issuer
-            kind: ClusterIssuer
     scheme:
       default: https
       internal: https
@@ -111,7 +110,6 @@ endpoints:
           secretName: cinder-tls-api
           issuerRef:
             name: ca-issuer
-            kind: ClusterIssuer
     scheme:
       default: https
       internal: https
@@ -125,7 +123,6 @@ endpoints:
           secretName: cinder-tls-api
           issuerRef:
             name: ca-issuer
-            kind: ClusterIssuer
     scheme:
       default: https
       internal: https
diff --git a/glance/Chart.yaml b/glance/Chart.yaml
index 7ae9544a65..e97de75268 100644
--- a/glance/Chart.yaml
+++ b/glance/Chart.yaml
@@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Glance
 name: glance
-version: 0.1.2
+version: 0.1.3
 home: https://docs.openstack.org/glance/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Glance/OpenStack_Project_Glance_vertical.png
 sources:
diff --git a/glance/values_overrides/tls.yaml b/glance/values_overrides/tls.yaml
index b96d1e7ee0..20d8ff4b0b 100644
--- a/glance/values_overrides/tls.yaml
+++ b/glance/values_overrides/tls.yaml
@@ -92,7 +92,6 @@ endpoints:
           secretName: glance-tls-api
           issuerRef:
             name: ca-issuer
-            kind: ClusterIssuer
     scheme:
       default: https
       public: https
@@ -106,7 +105,6 @@ endpoints:
           secretName: glance-tls-reg
           issuerRef:
             name: ca-issuer
-            kind: ClusterIssuer
     scheme:
       default: https
       public: https
diff --git a/heat/Chart.yaml b/heat/Chart.yaml
index 095ae73ad0..b9007ab19c 100644
--- a/heat/Chart.yaml
+++ b/heat/Chart.yaml
@@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Heat
 name: heat
-version: 0.1.3
+version: 0.1.4
 home: https://docs.openstack.org/heat/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Heat/OpenStack_Project_Heat_vertical.png
 sources:
diff --git a/heat/values_overrides/tls.yaml b/heat/values_overrides/tls.yaml
index ddeb59dfaf..f7f36e4384 100644
--- a/heat/values_overrides/tls.yaml
+++ b/heat/values_overrides/tls.yaml
@@ -144,7 +144,6 @@ endpoints:
           secretName: heat-tls-api
           issuerRef:
             name: ca-issuer
-            kind: ClusterIssuer
     scheme:
       default: https
     port:
@@ -157,7 +156,6 @@ endpoints:
           secretName: heat-tls-cfn
           issuerRef:
             name: ca-issuer
-            kind: ClusterIssuer
     scheme:
       default: https
     port:
@@ -171,7 +169,7 @@ endpoints:
           secretName: heat-tls-cloudwatch
           issuerRef:
             name: ca-issuer
-            kind: ClusterIssuer
+            kind: Issuer
   ingress:
     port:
       ingress:
diff --git a/horizon/Chart.yaml b/horizon/Chart.yaml
index 154dd4e08d..733092ee19 100644
--- a/horizon/Chart.yaml
+++ b/horizon/Chart.yaml
@@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Horizon
 name: horizon
-version: 0.1.4
+version: 0.1.5
 home: https://docs.openstack.org/horizon/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Horizon/OpenStack_Project_Horizon_vertical.png
 sources:
diff --git a/horizon/values_overrides/tls.yaml b/horizon/values_overrides/tls.yaml
index 562962d20a..82e25d0259 100644
--- a/horizon/values_overrides/tls.yaml
+++ b/horizon/values_overrides/tls.yaml
@@ -93,7 +93,6 @@ endpoints:
           secretName: horizon-tls-web
           issuerRef:
             name: ca-issuer
-            kind: ClusterIssuer
     scheme:
       default: https
       public: https
diff --git a/keystone/Chart.yaml b/keystone/Chart.yaml
index f55f1e05f7..3c4f4442ef 100644
--- a/keystone/Chart.yaml
+++ b/keystone/Chart.yaml
@@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Keystone
 name: keystone
-version: 0.1.4
+version: 0.1.5
 home: https://docs.openstack.org/keystone/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Keystone/OpenStack_Project_Keystone_vertical.png
 sources:
diff --git a/keystone/values_overrides/tls.yaml b/keystone/values_overrides/tls.yaml
index 7b19d4fad9..5aaa7cf3dc 100644
--- a/keystone/values_overrides/tls.yaml
+++ b/keystone/values_overrides/tls.yaml
@@ -68,7 +68,7 @@ endpoints:
           secretName: keystone-tls-api
           issuerRef:
             name: ca-issuer
-            kind: ClusterIssuer
+            kind: Issuer
     scheme:
       default: https
       public: https
diff --git a/neutron/Chart.yaml b/neutron/Chart.yaml
index f43d5f3a24..3316450d1f 100644
--- a/neutron/Chart.yaml
+++ b/neutron/Chart.yaml
@@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Neutron
 name: neutron
-version: 0.1.7
+version: 0.1.8
 home: https://docs.openstack.org/neutron/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Neutron/OpenStack_Project_Neutron_vertical.png
 sources:
diff --git a/neutron/values_overrides/tls.yaml b/neutron/values_overrides/tls.yaml
index b55a16092c..e8aa3fe762 100644
--- a/neutron/values_overrides/tls.yaml
+++ b/neutron/values_overrides/tls.yaml
@@ -117,7 +117,6 @@ endpoints:
           secretName: neutron-tls-server
           issuerRef:
             name: ca-issuer
-            kind: ClusterIssuer
     scheme:
       default: https
     port:
diff --git a/nova/Chart.yaml b/nova/Chart.yaml
index bc04b638dd..852c465956 100644
--- a/nova/Chart.yaml
+++ b/nova/Chart.yaml
@@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Nova
 name: nova
-version: 0.1.8
+version: 0.1.9
 home: https://docs.openstack.org/nova/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Nova/OpenStack_Project_Nova_vertical.png
 sources:
diff --git a/nova/values_overrides/tls.yaml b/nova/values_overrides/tls.yaml
index 59a8e7a63c..7df4dd82e9 100644
--- a/nova/values_overrides/tls.yaml
+++ b/nova/values_overrides/tls.yaml
@@ -171,7 +171,6 @@ endpoints:
           secretName: nova-tls-api
           issuerRef:
             name: ca-issuer
-            kind: ClusterIssuer
     scheme:
       default: 'https'
     port:
@@ -184,7 +183,6 @@ endpoints:
           secretName: metadata-tls-metadata
           issuerRef:
             name: ca-issuer
-            kind: ClusterIssuer
     scheme:
       default: https
     port:
@@ -197,7 +195,6 @@ endpoints:
           secretName: nova-novncproxy-tls-proxy
           issuerRef:
             name: ca-issuer
-            kind: ClusterIssuer
     scheme:
       default: https
     port:
@@ -210,7 +207,6 @@ endpoints:
           secretName: nova-tls-spiceproxy
           issuerRef:
             name: ca-issuer
-            kind: ClusterIssuer
     scheme:
       default: https
   placement:
@@ -220,7 +216,6 @@ endpoints:
           secretName: placement-tls-api
           issuerRef:
             name: ca-issuer
-            kind: ClusterIssuer
     scheme:
       default: https
     port:
diff --git a/placement/Chart.yaml b/placement/Chart.yaml
index 0c433f7ee6..d7d909aa9a 100644
--- a/placement/Chart.yaml
+++ b/placement/Chart.yaml
@@ -16,7 +16,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Placement
 name: placement
-version: 0.1.5
+version: 0.1.6
 home: https://docs.openstack.org/placement/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Placement/OpenStack_Project_Placement_vertical.png
 sources:
diff --git a/placement/values_overrides/tls.yaml b/placement/values_overrides/tls.yaml
index adfd3594c0..b2906032e4 100644
--- a/placement/values_overrides/tls.yaml
+++ b/placement/values_overrides/tls.yaml
@@ -68,7 +68,6 @@ endpoints:
           secretName: placement-tls-api
           issuerRef:
             name: ca-issuer
-            kind: ClusterIssuer
     scheme:
       default: https
     port:
diff --git a/tools/scripts/tls/cert-manager.sh b/tools/scripts/tls/cert-manager.sh
index 6590c172b7..a3ab4a1cb4 100755
--- a/tools/scripts/tls/cert-manager.sh
+++ b/tools/scripts/tls/cert-manager.sh
@@ -2,7 +2,7 @@
 
 set -eux
 
-: ${CERT_MANAGER_VERSION:="v1.1.0"}
+: ${CERT_MANAGER_VERSION:="v0.15.0"}
 
 cert_path="/etc/openstack-helm"
 ca_cert_root="$cert_path/certs/ca"
@@ -126,12 +126,14 @@ helm repo update
 helm install --name cert-manager --namespace cert-manager \
   --version ${CERT_MANAGER_VERSION} jetstack/cert-manager \
   --set installCRDs=true \
+  --set featureGates=ExperimentalCertificateControllers=true \
   --set extraArgs[0]="--enable-certificate-owner-ref=true"
 
 # helm 3 command
 # helm install cert-manager jetstack/cert-manager --namespace cert-manager \
 #   --version ${CERT_MANAGER_VERSION} \
 #   --set installCRDs=true \
+#.  --set featureGates=ExperimentalCertificateControllers=true \
 #   --set extraArgs[0]="--enable-certificate-owner-ref=true"
 
 helm repo remove jetstack
@@ -145,15 +147,16 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: ca-key-pair
-  namespace: cert-manager
+  namespace: openstack
 data:
   tls.crt: $crt
   tls.key: $key
 ---
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
+apiVersion: cert-manager.io/v1alpha3
+kind: Issuer
 metadata:
   name: ca-issuer
+  namespace: openstack
 spec:
   ca:
     secretName: ca-key-pair