diff --git a/prombench/manifests/cert-manager/1b_certificate.yaml b/prombench/manifests/cert-manager/1b_certificate.yaml
new file mode 100644
index 000000000..38c680853
--- /dev/null
+++ b/prombench/manifests/cert-manager/1b_certificate.yaml
@@ -0,0 +1,12 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: prometheus-meta
+  namespace: default
+spec:
+  dnsNames:
+    - prombench.prometheus.io 
+  secretName: prombench-prometheus-tls
+  issuerRef:
+    name: letsencrypt-cluster-issuer
+    kind: ClusterIssuer
diff --git a/prombench/manifests/cert-manager/1c_issuer.yaml b/prombench/manifests/cert-manager/1c_issuer.yaml
new file mode 100644
index 000000000..e68b68a89
--- /dev/null
+++ b/prombench/manifests/cert-manager/1c_issuer.yaml
@@ -0,0 +1,15 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-cluster-issuer
+spec:
+  acme:
+    server: https://acme-v02.api.letsencrypt.org/directory
+    email: vanditsinghkv@gmail.com
+    privateKeySecretRef:
+      name: letsencrypt-prod
+    solvers:
+    - http01:
+        ingress:
+          class: nginx
+
diff --git a/prombench/manifests/cluster-infra/3b_prometheus-meta.yaml b/prombench/manifests/cluster-infra/3b_prometheus-meta.yaml
index 88482363c..05ce2fea2 100644
--- a/prombench/manifests/cluster-infra/3b_prometheus-meta.yaml
+++ b/prombench/manifests/cluster-infra/3b_prometheus-meta.yaml
@@ -242,7 +242,7 @@ metadata:
     prometheus: meta
     app: prometheus-meta
 spec:
-  type: NodePort
+  type: ClusterIP
   ports:
   - name: prom-web
     port: 80
@@ -257,9 +257,13 @@ kind: Ingress
 metadata:
   name: ingress-prometheus-meta
   annotations:
-    nginx.ingress.kubernetes.io/ssl-redirect: "false"
+    nginx.ingress.kubernetes.io/ssl-redirect: "true"
 spec:
   ingressClassName: nginx
+  tls:
+  - hosts:
+      - prombench.prometheus.io
+    secretName: prombench-prometheus-tls
   rules:
   - http:
       paths: