diff --git a/deploy/kubelessDeploy.js b/deploy/kubelessDeploy.js
index 7fa10fe..20b91ce 100644
--- a/deploy/kubelessDeploy.js
+++ b/deploy/kubelessDeploy.js
@@ -147,6 +147,7 @@ class KubelessDeploy {
       {
         namespace: this.serverless.service.provider.namespace,
         hostname: this.serverless.service.provider.hostname,
+        enableTLSAcme: this.serverless.service.provider.enableTLSAcme || false,
         defaultDNSResolution: this.serverless.service.provider.defaultDNSResolution,
         memorySize: this.serverless.service.provider.memorySize,
         force: this.options.force,
diff --git a/lib/deploy.js b/lib/deploy.js
index b3d835a..b66e6db 100644
--- a/lib/deploy.js
+++ b/lib/deploy.js
@@ -459,6 +459,7 @@ function deploy(functions, runtime, service, options) {
     verbose: false,
     log: console.log,
     contentType: 'text',
+    enableTLSAcme: false,
   });
   const errors = [];
   let counter = 0;
@@ -483,6 +484,7 @@ function deploy(functions, runtime, service, options) {
                 hostname: options.hostname,
                 defaultDNSResolution: options.defaultDNSResolution,
                 namespace: ns,
+                enableTLSAcme: options.enableTLSAcme,
               }),
             });
           });
@@ -501,6 +503,7 @@ function deploy(functions, runtime, service, options) {
                   hostname: options.hostname,
                   defaultDNSResolution: options.defaultDNSResolution,
                   namespace: ns,
+                  enableTLSAcme: options.enableTLSAcme,
                 }),
               });
             });
diff --git a/lib/ingress.js b/lib/ingress.js
index f9b8de0..31290b2 100644
--- a/lib/ingress.js
+++ b/lib/ingress.js
@@ -29,6 +29,7 @@ function addIngressRuleIfNecessary(ruleName, functions, options) {
     namespace: 'default',
     hostname: null,
     defaultDNSResolution: 'nip.io',
+    enableTLSAcme: false,
   });
   const config = helpers.loadKubeConfig();
   const extensions = new Api.Extensions(helpers.getConnectionOptions(
@@ -70,14 +71,19 @@ function addIngressRuleIfNecessary(ruleName, functions, options) {
   return new BbPromise((resolve, reject) => {
     if (!_.isEmpty(rules)) {
       // Found a path to deploy the function
+      const annotations = {
+        'kubernetes.io/ingress.class': 'nginx',
+        'nginx.ingress.kubernetes.io/rewrite-target': '/',
+      };
+      if (opts.enableTLSAcme) {
+        annotations['kubernetes.io/tls-acme'] = "true";
+        annotations['nginx.ingress.kubernetes.io/ssl-redirect'] = "true";
+      }
       const ingressDef = {
         kind: 'Ingress',
         metadata: {
           name: ruleName,
-          annotations: {
-            'kubernetes.io/ingress.class': 'nginx',
-            'nginx.ingress.kubernetes.io/rewrite-target': '/',
-          },
+          annotations,
         },
         spec: { rules },
       };