diff --git a/kubernetes/apps/cert-manager/cert-manager/issuers/cloudflare/externalsecret.yaml b/kubernetes/apps/cert-manager/cert-manager/issuers/cloudflare/externalsecret.yaml
new file mode 100644
index 0000000..d0f24c6
--- /dev/null
+++ b/kubernetes/apps/cert-manager/cert-manager/issuers/cloudflare/externalsecret.yaml
@@ -0,0 +1,19 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: cloudflare-api-token
+ namespace: cert-manager
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: onepassword-connect
+ target:
+ name: cloudflare-api-token
+ creationPolicy: Owner
+ data:
+ - secretKey: api-token
+ remoteRef:
+ key: Cloudflare
+ property: cert-manager
diff --git a/kubernetes/apps/cert-manager/cert-manager/issuers/cloudflare/issuer-letsencrypt-prod.yaml b/kubernetes/apps/cert-manager/cert-manager/issuers/cloudflare/issuer-letsencrypt-prod.yaml
new file mode 100644
index 0000000..e94b0ea
--- /dev/null
+++ b/kubernetes/apps/cert-manager/cert-manager/issuers/cloudflare/issuer-letsencrypt-prod.yaml
@@ -0,0 +1,22 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/cert-manager.io/clusterissuer_v1.json
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-cloudflare-production
+spec:
+ acme:
+ email: "joe@veri.dev"
+ preferredChain: ""
+ privateKeySecretRef:
+ name: letsencrypt-cloudflare-production
+ server: https://acme-v02.api.letsencrypt.org/directory
+ solvers:
+ - dns01:
+ cloudflare:
+ apiTokenSecretRef:
+ name: cloudflare-api-token
+ key: api-token
+ selector:
+ dnsZones:
+ - hsn.dev
diff --git a/kubernetes/apps/cert-manager/cert-manager/issuers/cloudflare/issuer-letsencrypt-staging.yaml b/kubernetes/apps/cert-manager/cert-manager/issuers/cloudflare/issuer-letsencrypt-staging.yaml
new file mode 100644
index 0000000..09429f9
--- /dev/null
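Review bot: Nothing at `remoteRef` in the new cloudflare/externalsecret.yaml records what the `cert-manager` field of the `Cloudflare` item is permitted to do, and both new ClusterIssuers (production and staging) hand that token to the DNS-01 solver. The diff cannot show the token's scope, so once it has been confirmed in Cloudflare I would add a comment above `data:` such as `# Cloudflare API token: Zone/DNS:Edit + Zone/Zone:Read, limited to the hsn.dev zone`. A broader token would let anything able to read the `cloudflare-api-token` Secret in `cert-manager` change unrelated DNS records. `refreshInterval` is also unset, so a rotated token reaches the cluster on the operator's default schedule; setting it explicitly would make the rotation window visible.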
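Review bot: `letsencrypt-cloudflare-production` is a ClusterIssuer, so every namespace that can create a Certificate (or an annotated Ingress) can obtain publicly trusted certificates for any name under `hsn.dev`; the `selector.dnsZones` entry limits the zone, not who may ask. The same holds for `letsencrypt-cloudflare-staging` in the next file. If the cluster is single-tenant this may be intended, and a comment such as `# cluster-wide: any namespace may request certs for hsn.dev` above `kind: ClusterIssuer` would record the decision; otherwise a namespaced Issuer or an approval policy is the usual restriction. Separately, `preferredChain: ""` sets an optional field to empty and can be dropped.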
+++ b/kubernetes/apps/cert-manager/cert-manager/issuers/cloudflare/issuer-letsencrypt-staging.yaml
@@ -0,0 +1,22 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/cert-manager.io/clusterissuer_v1.json
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-cloudflare-staging
+spec:
+ acme:
+ email: "joe@veri.dev"
+ preferredChain: ""
+ privateKeySecretRef:
+ name: letsencrypt-cloudflare-staging
+ server: https://acme-staging-v02.api.letsencrypt.org/directory
+ solvers:
+ - dns01:
+ cloudflare:
+ apiTokenSecretRef:
+ name: cloudflare-api-token
+ key: api-token
+ selector:
+ dnsZones:
+ - hsn.dev
diff --git a/kubernetes/apps/cert-manager/cert-manager/issuers/dnsimple-issuer-rbac.yaml b/kubernetes/apps/cert-manager/cert-manager/issuers/dnsimple/dnsimple-issuer-rbac.yaml
similarity index 100%
rename from kubernetes/apps/cert-manager/cert-manager/issuers/dnsimple-issuer-rbac.yaml
rename to kubernetes/apps/cert-manager/cert-manager/issuers/dnsimple/dnsimple-issuer-rbac.yaml
diff --git a/kubernetes/apps/cert-manager/cert-manager/issuers/externalsecret.yaml b/kubernetes/apps/cert-manager/cert-manager/issuers/dnsimple/externalsecret.yaml
similarity index 100%
rename from kubernetes/apps/cert-manager/cert-manager/issuers/externalsecret.yaml
rename to kubernetes/apps/cert-manager/cert-manager/issuers/dnsimple/externalsecret.yaml
diff --git a/kubernetes/apps/cert-manager/cert-manager/issuers/helmrelease.yaml b/kubernetes/apps/cert-manager/cert-manager/issuers/dnsimple/helmrelease.yaml
similarity index 100%
rename from kubernetes/apps/cert-manager/cert-manager/issuers/helmrelease.yaml
rename to kubernetes/apps/cert-manager/cert-manager/issuers/dnsimple/helmrelease.yaml
diff --git a/kubernetes/apps/cert-manager/cert-manager/issuers/issuer-letsencrypt-prod.yaml b/kubernetes/apps/cert-manager/cert-manager/issuers/dnsimple/issuer-letsencrypt-prod.yaml
similarity index 72%
rename from kubernetes/apps/cert-manager/cert-manager/issuers/issuer-letsencrypt-prod.yaml
rename to kubernetes/apps/cert-manager/cert-manager/issuers/dnsimple/issuer-letsencrypt-prod.yaml
index fdf28c8..16d5003 100644
--- a/kubernetes/apps/cert-manager/cert-manager/issuers/issuer-letsencrypt-prod.yaml
+++ b/kubernetes/apps/cert-manager/cert-manager/issuers/dnsimple/issuer-letsencrypt-prod.yaml
@@ -1,14 +1,15 @@
 ---
+# yaml-language-server: $schema=https://ks.hsn.dev/cert-manager.io/clusterissuer_v1.json
 apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
 metadata:
- name: letsencrypt-production
+ name: letsencrypt-dnsimple-production
 spec:
 acme:
 email: "joe@veri.dev"
 preferredChain: ""
 privateKeySecretRef:
- name: letsencrypt-production
+ name: letsencrypt-dnsimple-production
 server: https://acme-v02.api.letsencrypt.org/directory
 solvers:
 - dns01:
diff --git a/kubernetes/apps/cert-manager/cert-manager/issuers/issuer-letsencrypt-staging.yaml b/kubernetes/apps/cert-manager/cert-manager/issuers/dnsimple/issuer-letsencrypt-staging.yaml
similarity index 84%
rename from kubernetes/apps/cert-manager/cert-manager/issuers/issuer-letsencrypt-staging.yaml
rename to kubernetes/apps/cert-manager/cert-manager/issuers/dnsimple/issuer-letsencrypt-staging.yaml
index 32d35ee..da67735 100644
--- a/kubernetes/apps/cert-manager/cert-manager/issuers/issuer-letsencrypt-staging.yaml
+++ b/kubernetes/apps/cert-manager/cert-manager/issuers/dnsimple/issuer-letsencrypt-staging.yaml
@@ -1,4 +1,5 @@
 ---
+# yaml-language-server: $schema=https://ks.hsn.dev/cert-manager.io/clusterissuer_v1.json
 apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
 metadata:
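Review bot: Renaming `metadata.name` from `letsencrypt-production` to `letsencrypt-dnsimple-production` in dnsimple/issuer-letsencrypt-prod.yaml leaves any Certificate or Ingress annotation that still references the old ClusterIssuer name without an issuer once the old object is removed. None of the visible hunks update such references, so they should be searched for before merging; otherwise renewals for those certificates would stop. The `privateKeySecretRef` name changes with it, which presumably registers a new ACME account instead of reusing the existing key. The staging hunk only adds the schema comment and its name line lies outside the hunk, so the dnsimple pair may end up named inconsistently with production.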
diff --git a/kubernetes/apps/cert-manager/cert-manager/issuers/kustomization.yaml b/kubernetes/apps/cert-manager/cert-manager/issuers/kustomization.yaml
index 9ffee24..1e33035 100644
--- a/kubernetes/apps/cert-manager/cert-manager/issuers/kustomization.yaml
+++ b/kubernetes/apps/cert-manager/cert-manager/issuers/kustomization.yaml
@@ -4,8 +4,11 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: cert-manager
 resources:
- - ./externalsecret.yaml
- - ./issuer-letsencrypt-prod.yaml
- - ./issuer-letsencrypt-staging.yaml
- - ./dnsimple-issuer-rbac.yaml
- - ./helmrelease.yaml
+ - ./dnsimple/externalsecret.yaml
+ - ./dnsimple/issuer-letsencrypt-prod.yaml
+ - ./dnsimple/issuer-letsencrypt-staging.yaml
+ - ./dnsimple/dnsimple-issuer-rbac.yaml
+ - ./dnsimple/helmrelease.yaml
+ - ./cloudflare/externalsecret.yaml
+ - ./cloudflare/issuer-letsencrypt-prod.yaml
+ - ./cloudflare/issuer-letsencrypt-staging.yaml