diff --git a/nix/scripts/list-helm-containers.sh b/nix/scripts/list-helm-containers.sh
index 70c3be206..5ab204776 100644
--- a/nix/scripts/list-helm-containers.sh
+++ b/nix/scripts/list-helm-containers.sh
@@ -31,9 +31,6 @@ while IFS= read -r chart; do
 echo "Running helm template on chart ${chart}…" >&2
 # The image values are left as-is
 helm template "$chart" \
- --set secrets.zrestSecret=emptyString \
- --set federate.dtls.tls.key=emptyString \
- --set federate.dtls.tls.crt=emptyString \
 $( [[ -f ./values/$(basename $chart)/prod-values.example.yaml ]] && echo "-f ./values/$(basename $chart)/prod-values.example.yaml" ) \
 $( [[ -f ./values/$(basename $chart)/prod-secrets.example.yaml ]] && echo "-f ./values/$(basename $chart)/prod-secrets.example.yaml" ) \
 | yq -r '..|.image? | select(.)' | optionally_complain | sort -u
diff --git a/values/restund/prod-secrets.example.yaml b/values/restund/prod-secrets.example.yaml
new file mode 100644
index 000000000..d5f32ea32
--- /dev/null
+++ b/values/restund/prod-secrets.example.yaml
@@ -0,0 +1,23 @@
+secrets:
+ zrestSecret: "secret"
+# Assuming you run helm directly (and not helm-wrapper with sops), you can
+# simply drop your certificate/private key here. Be careful with spaces/indentation,
+# as the ingress seems to simply "swallow" errors if any (and serve the Fake default certificate
+# which is highly confusing)
+federate:
+ dtls:
+ tls:
+ # If you are having trouble with YAML formatting (getting validation errors due to spacing/indentation)
+ # try running helm with --set federate.dtls.tls.crt=your-cert.pem --set deferate.dtls.tls.key=your-key.pem
+ # instead
+ crt: |
+ -----BEGIN CERTIFICATE-----
+ .... OWN CERTIFICATE ......
+ -----END CERTIFICATE-------
+ -----BEGIN CERTIFICATE-----
+ .... INTERMEDIATE CERT ....
+ -----END CERTIFICATE-------
+ key: |
+ -----BEGIN PRIVATE KEY-----
+ .... REAL PRIV KEY .......
+ -----END PRIVATE KEY-------
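Review bot: The fallback command in the comment above `crt:` in values/restund/prod-secrets.example.yaml will not work as written: `deferate.dtls.tls.key` is a typo for `federate.dtls.tls.key`, and `--set …=your-cert.pem` stores the literal file name as the value instead of the file's contents. Suggest `# try running helm with --set-file federate.dtls.tls.crt=your-cert.pem --set-file federate.dtls.tls.key=your-key.pem`, which reads the PEM from disk so the private key never has to be pasted into a command line or shell history. The placeholder footers `-----END CERTIFICATE-------` and `-----END PRIVATE KEY-------` carry seven trailing dashes where PEM expects five, so an operator who replaces only the body between the markers is left with a block that will likely fail to parse and end up at the silent "Fake default certificate" case the header comment warns about. `zrestSecret: "secret"` is a guessable value in a file meant to be copied; a comment such as `# placeholder - replace with a long random value before deploying` next to it would make that explicit.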
diff --git a/values/restund/prod-values.example.yaml b/values/restund/prod-values.example.yaml
new file mode 100644
index 000000000..5946f17f6
--- /dev/null
+++ b/values/restund/prod-values.example.yaml
@@ -0,0 +1,7 @@
+# If you are using Let's Encrypt and cert-manager, use issuerRef instead
+# and comment out key and crt in secrets.yaml
+#federate:
+# dtls:
+# tls:
+# issuerRef:
+# name: letsencrypt-http01
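Review bot: The header comment points operators at `secrets.yaml`, but the file this commit adds next to it is `prod-secrets.example.yaml`; naming it exactly, e.g. `# and comment out federate.dtls.tls.key and .crt in your copy of prod-secrets.example.yaml`, avoids someone leaving the placeholder key block in place. Which setting takes effect when both `issuerRef` and an inline `crt`/`key` are present is not visible from this diff, so the comment should say so rather than leave it to be discovered at deploy time.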