diff --git a/cert-manager/base/cloudflare-clusterissuer.yaml b/cert-manager/base/cloudflare-clusterissuer.yaml
index 2854cef..7e62f96 100644
--- a/cert-manager/base/cloudflare-clusterissuer.yaml
+++ b/cert-manager/base/cloudflare-clusterissuer.yaml
@@ -5,9 +5,29 @@ metadata:
   name: cloudflare-issuer
 spec:
   acme:
+    server: https://acme-staging-v02.api.letsencrypt.org/directory
+    email: abuse@mziesel.com
+
+    # Name of a secret used to store the ACME account private key
+    privateKeySecretRef:
+      name: letsencrypt-staging-acme-key
+
+    # ACME DNS-01 provider configurations
     solvers:
-    - dns01:
+    # An empty 'selector' means that this solver matches all domains
+    - selector: {}
+        # dnsNames:
+        # - mziesel.nl
+        # - *.mziesel.nl
+        # - mziesel.com
+        # - *.mziesel.com
+        # - mzsl.nl
+        # - *.mzsl.nl
+      dns01:
         cloudflare:
+          email: mziesel@outlook.com
+          # !! Remember to create a k8s secret before
+          # kubectl create secret generic cloudflare-api-key-secret
           apiTokenSecretRef:
             name: cloudflare-api-token-secret
             key: api-token
diff --git a/whoami/base/whoami-ingress.yaml b/whoami/base/whoami-ingress.yaml
index 5cfb25f..8183e43 100644
--- a/whoami/base/whoami-ingress.yaml
+++ b/whoami/base/whoami-ingress.yaml
@@ -6,7 +6,7 @@ metadata:
 spec:
   secretName: whoami.mziesel.nl-secret
   issuerRef:
-    name: mziesel-ca-issuer
+    name: cloudflare-issuer
     kind: ClusterIssuer
   dnsNames:
     - whoami.mziesel.nl