diff --git a/cluster/core/cert-manager/kustomization.yaml b/cluster/core/cert-manager/kustomization.yaml
index 24b23d5..4ce6ec5 100644
--- a/cluster/core/cert-manager/kustomization.yaml
+++ b/cluster/core/cert-manager/kustomization.yaml
@@ -6,4 +6,5 @@ resources:
 - ./helm-repository.yaml
 - ./helm-release.yaml
 - ./letsencrypt-prod.yaml
+- ./letsencrypt-stage.yaml
 #- ./dashboard-ingress.yaml
diff --git a/cluster/core/cert-manager/letsencrypt-prod.yaml b/cluster/core/cert-manager/letsencrypt-prod.yaml
index 55a73c2..84fbc43 100644
--- a/cluster/core/cert-manager/letsencrypt-prod.yaml
+++ b/cluster/core/cert-manager/letsencrypt-prod.yaml
@@ -10,11 +10,15 @@ spec:
 privateKeySecretRef:
 name: letsencrypt-production
 solvers:
- - http01:
- ingress:
- class: traefik
-# - dns01:
-# cloudflare:
-# apiTokenSecretRef:
-# name: cloudflare-api-token-secret
-# key: api-token
\ No newline at end of file
+# - http01:
+# ingress:
+# class: traefik
+ - dns01:
+ cloudflare:
+ email: "${SECRET_MY_EMAIL}"
+ apiTokenSecretRef:
+ name: cloudflare-api-token-secret
+ key: api-token
+ selector:
+ dnsZones:
+ - "***REMOVED***"
\ No newline at end of file
diff --git a/cluster/core/cert-manager/letsencrypt-stage.yaml b/cluster/core/cert-manager/letsencrypt-stage.yaml
new file mode 100644
index 0000000..4c6224a
--- /dev/null
+++ b/cluster/core/cert-manager/letsencrypt-stage.yaml
@@ -0,0 +1,24 @@
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-staging
+spec:
+ acme:
+ server: https://acme-staging-v02.api.letsencrypt.org/directory
+ email: "${SECRET_LETSENCRYPT_EMAIL}"
+ privateKeySecretRef:
+ name: letsencrypt-staging
+ solvers:
+# - http01:
+# ingress:
+# class: traefik
+ - dns01:
+ cloudflare:
+ email: "${SECRET_MY_EMAIL}"
+ apiTokenSecretRef:
+ name: cloudflare-api-token-secret
+ key: api-token
+ selector:
+ dnsZones:
+ - "***REMOVED***"
\ No newline at end of file
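Review bot: In the new `dns01.cloudflare` solver of letsencrypt-prod.yaml, and in the identical block of the new letsencrypt-stage.yaml, `email: "${SECRET_MY_EMAIL}"` sits next to `apiTokenSecretRef`; as far as I know cert-manager uses the account email only together with `apiKeySecretRef`, so the line can be dropped from both files. Nothing in this diff creates `cloudflare-api-token-secret`, and for a ClusterIssuer it has to exist in cert-manager's cluster resource namespace, so it is worth confirming that it is delivered (encrypted) by another path. Both issuers now share that one token, so it is best limited to DNS edit and zone read on the zone listed under `dnsZones`; I would record that above the solver, e.g. `# token scope: Zone/DNS edit + Zone/Zone read, this zone only`. The commented-out `http01` lines can be deleted rather than kept, since git already holds the old solver.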
diff --git a/cluster/core/networking/traefik/helm-release.yaml b/cluster/core/networking/traefik/helm-release.yaml
index 0ea46c5..b631e9d 100644
--- a/cluster/core/networking/traefik/helm-release.yaml
+++ b/cluster/core/networking/traefik/helm-release.yaml
@@ -14,11 +14,8 @@ spec:
 name: traefik-charts
 namespace: flux-system
 interval: 1m
-# valuesFiles:
-# - ./traefik-values.yaml
 values:
 additionalArguments:
- - --api.insecure
 logs:
@@ -71,7 +68,7 @@ spec:
 protocol: TCP
 tls:
 enabled: true
- certResolver: cloudflare
+ #certResolver: cloudflare
 metrics:
 port: 9100
 expose: true
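Review bot: Once `- --api.insecure` is removed in the first hunk, `additionalArguments:` appears to be left with no items, which YAML reads as null rather than an empty list (indentation is lost on this page, so this is inferred from `logs:` following it directly). Write `additionalArguments: []` or remove the key so the value passed to the chart is explicit. Dropping the flag itself is sound, because it stops the API and dashboard from being served without authentication; if the dashboard is still wanted, it needs a router to `api@internal` behind an auth middleware, which this diff does not show. The `spec` block starts and continues outside the hunk.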
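Review bot: In the second hunk `certResolver: cloudflare` is commented out while `tls.enabled: true` stays, so any router on this entrypoint that brings no certificate of its own will be answered with Traefik's default self-signed certificate. Each Ingress or IngressRoute therefore needs a `tls.secretName` filled by one of the cert-manager issuers, or a default TLSStore certificate has to be set; neither is visible in this diff. Delete the line instead of keeping `#certResolver: cloudflare`, because a dead setting inside a TLS block is easily read as still being in effect.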