diff --git a/share/gitea-tekton-org/auto-ci.tf b/share/gitea-tekton-org/auto-ci.tf
index 500abe6..32615b5 100644
--- a/share/gitea-tekton-org/auto-ci.tf
+++ b/share/gitea-tekton-org/auto-ci.tf
@@ -19,20 +19,20 @@ resource "kubectl_manifest" "ci-trigger-push" {
 labels: ${jsonencode(local.push-labels)}
 spec:
 bindings:
- - name: artifactory-url
- value: "$(extensions.artifactory-url)"
- - name: project-name
- value: "$(extensions.project-name)"
- - name: project-path
- value: "$(extensions.project-path)"
- - name: git-repository-url
- value: "$(extensions.git-repository-url)"
- - name: git-revision
- value: "$(extensions.git-revision)"
- - name: git-default-branch
- value: "$(extensions.git-default-branch)"
- - name: branch-name
- value: $(extensions.branch-name)
+ - name: artifactory-url
+ value: "$(extensions.artifactory-url)"
+ - name: project-name
+ value: "$(extensions.project-name)"
+ - name: project-path
+ value: "$(extensions.project-path)"
+ - name: git-repository-url
+ value: "$(extensions.git-repository-url)"
+ - name: git-revision
+ value: "$(extensions.git-revision)"
+ - name: git-default-branch
+ value: "$(extensions.git-default-branch)"
+ - name: branch-name
+ value: $(extensions.branch-name)
 template:
 spec:
 params:
@@ -90,6 +90,12 @@ resource "kubectl_manifest" "ci-trigger-push" {
 resources:
 requests:
 storage: 1Gi
+ - name: sslcertdir
+ secret:
+ secretName: gitea
+ items:
+ - key: "ca.crt"
+ path: "ca.crt"
 - name: ssh
 secret:
 secretName: ssh-credentials
diff --git a/share/gitea-tekton-org/gitea_hook.tf b/share/gitea-tekton-org/gitea_hook.tf
index 6b83b13..dd0c0ab 100644
--- a/share/gitea-tekton-org/gitea_hook.tf
+++ b/share/gitea-tekton-org/gitea_hook.tf
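Review bot: In auto-ci.tf, the new `sslcertdir` workspace in `ci-trigger-push` binds the run to the `gitea` Secret, which appears to be the object that gitea_hook.tf also fills with `token`. The `items` list limits the mount to `ca.crt`, so the token is not projected into the pod, but that protection depends on nobody dropping `items` later. A CA certificate is public material, so publishing it in its own ConfigMap or a dedicated Secret and binding that here would keep the token-bearing object out of the build pod's volumes altogether. If the binding stays as it is, a comment above the entry such as `# items limits the mount to ca.crt; this secret also holds the Gitea API token` would record why the list matters. The enclosing resource starts and ends outside the hunk.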
@@ -61,12 +61,21 @@ resource "restapi_object" "ci-token" {
 })
 }
+data "kubernetes_secret_v1" "gitea-cert" {
+ metadata {
+ name = "gitea-cert"
+ namespace = "${var.domain}-ci"
+ }
+}
+
+
 resource "kubernetes_secret_v1" "ci-user-token-secret" {
 metadata {
 name = "gitea"
 namespace = "${var.namespace}"
 }
 data = {
+ "ca.crt" = lookup(data.kubernetes_secret_v1.gitea-cert.data, "ca.crt", lookup(data.kubernetes_secret_v1.gitea-cert.data, "tls.crt", ""))
 url = "gitea-http.${var.domain}-ci.svc:3000"
 token = jsondecode(resource.restapi_object.ci-token.create_response).sha1
 }
diff --git a/share/gitea-tekton-org/tekton.dev_v1_Pipeline_auto-ci-push.yaml b/share/gitea-tekton-org/tekton.dev_v1_Pipeline_auto-ci-push.yaml
index 3590aec..82f4be3 100644
--- a/share/gitea-tekton-org/tekton.dev_v1_Pipeline_auto-ci-push.yaml
+++ b/share/gitea-tekton-org/tekton.dev_v1_Pipeline_auto-ci-push.yaml
@@ -6,6 +6,7 @@ spec:
 workspaces:
 - name: source
 - name: ssh
+ - name: sslcertdir
 params:
 - name: artifactory-url
 default: docker.io
@@ -220,4 +221,5 @@ spec:
 - name: IMAGE
 value: $(tasks.detect-stages.results.images-name)
 workspaces:
- - name: source
\ No newline at end of file
+ - name: source
+ - name: sslcertdir
\ No newline at end of file
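Review bot: In gitea_hook.tf, the nested `lookup(...)` on the new `"ca.crt"` entry ends in `""`, so a `gitea-cert` secret with neither key yields an empty trust file and the problem only surfaces later as a TLS failure inside the pipeline. Indexing the key directly, `"ca.crt" = data.kubernetes_secret_v1.gitea-cert.data["ca.crt"]`, makes Terraform stop with a clear error instead. The `tls.crt` fallback substitutes the server's own certificate for the issuing CA, which many TLS clients accept as a trust anchor only when it is self-signed and which changes on every re-issue, so it deserves either removal or a comment explaining when it is expected to apply. Reading the secret through a data source also copies all of its keys into Terraform state; if `gitea-cert` is a TLS-type secret that presumably includes `tls.key`, so the state backend has to be protected accordingly.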
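Review bot: In tekton.dev_v1_Pipeline_auto-ci-push.yaml, the `sslcertdir` entry added to the pipeline-level `workspaces` has no `optional: true`, so every PipelineRun of this pipeline must now bind it. Only the `ci-trigger-push` template in this commit is shown doing so, and any other trigger or manual run would be rejected at validation. If the binding is meant to be mandatory, a `description:` on the entry would document the contract, for example `description: directory containing ca.crt used for TLS verification`. The last hunk passes the workspace to a single task whose definition is outside the diff, so whether that task tolerates an empty `ca.crt` cannot be checked from here.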