Set appropriate annotations and secret for Ingress as shown below:
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: some-name
namespace: default
annotations:
kubernetes.io/tls-acme: "true"
certmanager.k8s.io/cluster-issuer: "letsencrypt-[staging|prod]"
spec:
tls:
- hosts:
- host.domain.tld
secretName: host-domain-tls-[staging|prod]
rules:
...
...
When using RBAC and ServiceAccount, make sure you have granted access to the host-domain-tls-[staging|prod]
secret where cert-manager
will store the certificate it obtained from Let's Encrypt for the domain.