diff --git a/apps/cert-manager/overlays/system/clusterissuer.yaml b/apps/cert-manager/overlays/system/clusterissuer.yaml
new file mode 100644
index 0000000..8a72fb9
--- /dev/null
+++ b/apps/cert-manager/overlays/system/clusterissuer.yaml
@@ -0,0 +1,21 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-issuer
+spec:
+  acme:
+    server: https://acme-v02.api.letsencrypt.org/directory
+    email: david@dmwl.net
+    privateKeySecretRef:
+      name: letsencrypt-issuer
+    solvers:
+    - dns01:
+        route53:
+          region: us-east-1
+          hostedZoneID: Z10070322U6TSCLWYTH55
+          accessKeyIDSecretRef:
+            name: aws-dns-iam
+            key: access-key-id
+          secretAccessKeySecretRef:
+            name: aws-dns-iam
+            key: secret-access-key
diff --git a/apps/cert-manager/overlays/system/kustomization.yaml b/apps/cert-manager/overlays/system/kustomization.yaml
index 2333422..ef1328d 100644
--- a/apps/cert-manager/overlays/system/kustomization.yaml
+++ b/apps/cert-manager/overlays/system/kustomization.yaml
@@ -2,3 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
   - ../../base
+  - ./clusterissuer.yaml