diff --git a/cluster/core/cert-manager/helm-release.yaml b/cluster/core/cert-manager/helm-release.yaml
index 42dd9eabc..b20abbd4e 100644
--- a/cluster/core/cert-manager/helm-release.yaml
+++ b/cluster/core/cert-manager/helm-release.yaml
@@ -5,10 +5,9 @@ metadata:
   name: cert-manager
   namespace: cert-manager
 spec:
-  interval: 5m
+  interval: 15m
   chart:
     spec:
-      # renovate: registryUrl=https://charts.jetstack.io/
       chart: cert-manager
       version: v1.9.1
       sourceRef:
diff --git a/cluster/core/cert-manager/kustomization.yaml b/cluster/core/cert-manager/kustomization.yaml
index 9cc781cd5..93e836e18 100644
--- a/cluster/core/cert-manager/kustomization.yaml
+++ b/cluster/core/cert-manager/kustomization.yaml
@@ -3,10 +3,9 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
   - namespace.yaml
+  - secret.sops.yaml
   - helm-release.yaml
-  - cert-manager-webhook-ovh.yaml
-  - cert-manager-webhook-ovh-helm-release.yaml
+  - webhook-ovh
   - letsencrypt-production.yaml
   - letsencrypt-staging.yaml
   - prometheus-rule.yaml
-  - secret.sops.yaml
diff --git a/cluster/core/cert-manager/letsencrypt-production.yaml b/cluster/core/cert-manager/letsencrypt-production.yaml
index a4fc234e6..6ffe1cba7 100644
--- a/cluster/core/cert-manager/letsencrypt-production.yaml
+++ b/cluster/core/cert-manager/letsencrypt-production.yaml
@@ -2,13 +2,13 @@
 apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
 metadata:
-  name: letsencrypt-staging
+  name: letsencrypt-production
 spec:
   acme:
-    server: https://acme-staging-v02.api.letsencrypt.org/directory
+    server: https://acme-v02.api.letsencrypt.org/directory
     email: "${SECRET_CLUSTER_DOMAIN_EMAIL}"
     privateKeySecretRef:
-      name: letsencrypt-staging
+      name: letsencrypt-production
     solvers:
       - dns01:
           webhook:
diff --git a/cluster/core/cert-manager/letsencrypt-staging.yaml b/cluster/core/cert-manager/letsencrypt-staging.yaml
index 6ffe1cba7..a4fc234e6 100644
--- a/cluster/core/cert-manager/letsencrypt-staging.yaml
+++ b/cluster/core/cert-manager/letsencrypt-staging.yaml
@@ -2,13 +2,13 @@
 apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
 metadata:
-  name: letsencrypt-production
+  name: letsencrypt-staging
 spec:
   acme:
-    server: https://acme-v02.api.letsencrypt.org/directory
+    server: https://acme-staging-v02.api.letsencrypt.org/directory
     email: "${SECRET_CLUSTER_DOMAIN_EMAIL}"
     privateKeySecretRef:
-      name: letsencrypt-production
+      name: letsencrypt-staging
     solvers:
       - dns01:
           webhook:
diff --git a/cluster/core/cert-manager/namespace.yaml b/cluster/core/cert-manager/namespace.yaml
index 6bc19f4cc..977c578a1 100644
--- a/cluster/core/cert-manager/namespace.yaml
+++ b/cluster/core/cert-manager/namespace.yaml
@@ -3,3 +3,6 @@ apiVersion: v1
 kind: Namespace
 metadata:
   name: cert-manager
+  labels:
+    kustomize.toolkit.fluxcd.io/prune: disabled
+    goldilocks.fairwinds.com/enabled: "true"
diff --git a/cluster/core/cert-manager/cert-manager-webhook-ovh-helm-release.yaml b/cluster/core/cert-manager/webhook-ovh/helm-release.yaml
similarity index 80%
rename from cluster/core/cert-manager/cert-manager-webhook-ovh-helm-release.yaml
rename to cluster/core/cert-manager/webhook-ovh/helm-release.yaml
index 0ab04dd9e..5d1021b94 100644
--- a/cluster/core/cert-manager/cert-manager-webhook-ovh-helm-release.yaml
+++ b/cluster/core/cert-manager/webhook-ovh/helm-release.yaml
@@ -5,10 +5,9 @@ metadata:
   name: cert-manager-webhook-ovh
   namespace: cert-manager
 spec:
-  interval: 5m
+  interval: 15m
   chart:
     spec:
-      # renovate: registryUrl=https://github.com/baarde/cert-manager-webhook-ovh
       chart: ./deploy/cert-manager-webhook-ovh
       version: 0.3.0
       sourceRef:
diff --git a/cluster/core/cert-manager/webhook-ovh/kustomization.yaml b/cluster/core/cert-manager/webhook-ovh/kustomization.yaml
new file mode 100644
index 000000000..4e6cd1ca4
--- /dev/null
+++ b/cluster/core/cert-manager/webhook-ovh/kustomization.yaml
@@ -0,0 +1,6 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - rbac.yaml
+  - helm-release.yaml
diff --git a/cluster/core/cert-manager/cert-manager-webhook-ovh.yaml b/cluster/core/cert-manager/webhook-ovh/rbac.yaml
similarity index 100%
rename from cluster/core/cert-manager/cert-manager-webhook-ovh.yaml
rename to cluster/core/cert-manager/webhook-ovh/rbac.yaml