diff --git a/clusters/titan.lan.huizinga.dev/cert-manager/certificates/huizinga-dev.yaml b/clusters/titan.lan.huizinga.dev/cert-manager/certificates/huizinga-dev.yaml
new file mode 100644
index 0000000..35f417d
--- /dev/null
+++ b/clusters/titan.lan.huizinga.dev/cert-manager/certificates/huizinga-dev.yaml
@@ -0,0 +1,14 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: huizinga-dev
+ namespace: default
+spec:
+ secretName: huizinga-dev-tls
+ issuerRef:
+ name: letsencrypt-production
+ kind: ClusterIssuer
+ commonName: "*.huizinga.dev"
+ dnsNames:
+ - "huizinga.dev"
+ - "*.huizinga.dev"
diff --git a/clusters/titan.lan.huizinga.dev/cert-manager/certificates/kustomization.yaml b/clusters/titan.lan.huizinga.dev/cert-manager/certificates/kustomization.yaml
index 3c1d4ab..82101ec 100644
--- a/clusters/titan.lan.huizinga.dev/cert-manager/certificates/kustomization.yaml
+++ b/clusters/titan.lan.huizinga.dev/cert-manager/certificates/kustomization.yaml
@@ -2,3 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - huizinga-dev-staging.yaml
+ - huizinga-dev.yaml
diff --git a/clusters/titan.lan.huizinga.dev/cert-manager/issuers/kustomization.yaml b/clusters/titan.lan.huizinga.dev/cert-manager/issuers/kustomization.yaml
index 0e6e22d..d25b32d 100644
--- a/clusters/titan.lan.huizinga.dev/cert-manager/issuers/kustomization.yaml
+++ b/clusters/titan.lan.huizinga.dev/cert-manager/issuers/kustomization.yaml
@@ -3,3 +3,4 @@ kind: Kustomization
 resources:
 - secret.yaml
 - letsencrypt-staging.yaml
+ - letsencrypt-production.yaml
diff --git a/clusters/titan.lan.huizinga.dev/cert-manager/issuers/letsencrypt-production.yaml b/clusters/titan.lan.huizinga.dev/cert-manager/issuers/letsencrypt-production.yaml
new file mode 100644
index 0000000..d25dd75
--- /dev/null
+++ b/clusters/titan.lan.huizinga.dev/cert-manager/issuers/letsencrypt-production.yaml
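Review bot: The Certificate in huizinga-dev.yaml writes the key pair for `*.huizinga.dev` into `huizinga-dev-tls` in the `default` namespace, so every subject that can read Secrets in `default` can read a key that is valid for every host under the domain; a dedicated namespace with narrow RBAC, for example the one the ingress controller runs in, would limit that. The spec also has no `privateKey` block, and depending on the cert-manager version the default rotation policy may reuse the same private key on every renewal; adding `privateKey: {rotationPolicy: Always}` makes each renewal issue a fresh key. `commonName` repeats a name already listed in `dnsNames` and can be dropped.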
@@ -0,0 +1,17 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-production
+spec:
+ acme:
+ server: https://acme-v02.api.letsencrypt.org/directory
+ email: tim.huizinga@gmail.com
+ privateKeySecretRef:
+ name: letsencrypt-production
+ solvers:
+ - dns01:
+ cloudflare:
+ email: tim.huizinga@gmail.com
+ apiTokenSecretRef:
+ name: cloudflare-token-secret
+ key: cloudflare-token
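Review bot: The `dns01` solver in letsencrypt-production.yaml has no `selector`, and a ClusterIssuer can be referenced from any namespace, so anyone allowed to create a Certificate anywhere in the cluster can obtain production certificates for any name the Cloudflare token is able to validate. Restricting the solver with `selector: {dnsZones: ["huizinga.dev"]}` and scoping the token to DNS edit on that single zone bounds this. For a ClusterIssuer the `cloudflare-token-secret` is looked up in cert-manager's cluster resource namespace, which is worth a comment above `apiTokenSecretRef`; the visible lines do not show where the `secret.yaml` listed in the issuers kustomization places it or whether it is encrypted in the repository. The `email` under `cloudflare` is only needed with `apiKeySecretRef` and looks redundant when an API token is used.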