diff --git a/apps/base/uptime-kuma/kustomization.yaml b/apps/base/uptime-kuma/kustomization.yaml
index 849d7d55c46352082cdcc0da291610b23e9ed80c..ef00bae08bb54aa5ffd51a69065aa794fcebe2fa 100644
--- a/apps/base/uptime-kuma/kustomization.yaml
+++ b/apps/base/uptime-kuma/kustomization.yaml
@@ -7,7 +7,9 @@ resources:
   - release.yaml
   - ../../../shared/networkpolicies/allow-from-same-namespace.yaml
   - ../../../shared/networkpolicies/allow-from-ingress.yaml
+  - ../../../shared/networkpolicies/allow-from-http-challenge.yaml
   - ../../../shared/networkpolicies/allow-to-kubedns.yaml
   - ../../../shared/networkpolicies/allow-to-public-web.yaml
+  - ../../../shared/networkpolicies/allow-to-public-web-http-challenge.yaml
 patchesStrategicMerge:
   - networkpolicy.yaml
diff --git a/shared/networkpolicies/allow-from-http-challenge.yaml b/shared/networkpolicies/allow-from-http-challenge.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..ab9b1a37a2d0af6bb13257147048fdcf227e0253
--- /dev/null
+++ b/shared/networkpolicies/allow-from-http-challenge.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-from-ingress
+spec:
+  ingress:
+  - from:
+    - namespaceSelector:
+        matchLabels:
+          ingress.shivering-isles.com/network-access-required: "true"
+  podSelector:
+    matchLabels:
+      acme.cert-manager.io/http01-solver: "true"
\ No newline at end of file
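Review bot: `metadata.name: allow-from-ingress` in this new file looks like it duplicates the name of the policy in the existing `allow-from-ingress.yaml`, which the uptime-kuma kustomization already lists; that file is not shown here, so this is inferred from its filename. Two NetworkPolicies with the same name in one kustomization either fail the build with a resource ID conflict or, if applied separately, one replaces the other and silently drops its allow rule. Give this one its own name, e.g. `name: allow-from-http-challenge`. The same applies to `name: allow-to-public-web` in `allow-to-public-web-http-challenge.yaml`, which could become `name: allow-to-public-web-http-challenge`. Separately, the `ingress` rule has no `ports` entry, so the labelled namespaces can reach every port on the solver pods; restricting it to the solver's listen port (8089/TCP by default in cert-manager, worth confirming for this install) would keep the rule as narrow as the challenge needs.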
diff --git a/shared/networkpolicies/allow-to-public-web-http-challenge.yaml b/shared/networkpolicies/allow-to-public-web-http-challenge.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..12eef6c6f03ac6e1d64959a359be18e0a2eeb29a
--- /dev/null
+++ b/shared/networkpolicies/allow-to-public-web-http-challenge.yaml
@@ -0,0 +1,24 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-to-public-web
+spec:
+  egress:
+  - to:
+    - ipBlock:
+        except:
+          - "192.168.0.0/16"
+          - "172.16.0.0/12"
+          - "10.0.0.0/8"
+          - "169.254.0.0/16"
+          - "100.64.0.0/10"
+        cidr: 0.0.0.0/0
+    ports:
+      - protocol: TCP
+        port: 80
+  policyTypes:
+  - Egress
+  podSelector:
+    matchLabels:
+      acme.cert-manager.io/http01-solver: "true"
\ No newline at end of file
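Review bot: The egress rule for pods labelled `acme.cert-manager.io/http01-solver: "true"` may not be needed at all. In an HTTP-01 flow the solver only answers inbound requests for the challenge token, and as far as I know the self-check is made by the cert-manager controller, not by the solver pod. If that holds in this cluster, dropping the policy leaves the short-lived solver pods with no outbound path, which is the tighter default. If outbound TCP/80 is in fact required, put a comment above `egress:` saying which component needs it and why, e.g. `# solver pods need outbound HTTP because <reason>`, so the rule is not later copied as a general-purpose allow.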