diff --git a/cert-manager/clusterissuer.yaml b/cert-manager/clusterissuer.yaml
new file mode 100644
index 0000000..890e5ce
--- /dev/null
+++ b/cert-manager/clusterissuer.yaml
@@ -0,0 +1,14 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-prod
+spec:
+  acme:
+    server: https://acme-v02.api.letsencrypt.org/directory
+    email: ryan@lunarfront.tech
+    privateKeySecretRef:
+      name: letsencrypt-prod-key
+    solvers:
+      - http01:
+          ingress:
+            ingressClassName: nginx
diff --git a/gitea/values.yaml b/gitea/values.yaml
index e9b8d4e..feaa765 100644
--- a/gitea/values.yaml
+++ b/gitea/values.yaml
@@ -78,13 +78,14 @@ ingress:
   annotations:
     nginx.ingress.kubernetes.io/ssl-redirect: "true"
     nginx.ingress.kubernetes.io/proxy-body-size: "0"
+    cert-manager.io/cluster-issuer: letsencrypt-prod
   hosts:
     - host: git.lunarfront.tech
       paths:
         - path: /
           pathType: Prefix
   tls:
-    - secretName: cloudflare-origin-cert
+    - secretName: git-lunarfront-tech-tls
       hosts:
         - git.lunarfront.tech