diff --git a/README.md b/README.md
index 0985c20..ddfb717 100644
--- a/README.md
+++ b/README.md
@@ -84,7 +84,9 @@ http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-da
 
 ### create issuers
 
-    ....
+    adapt email!
+    kubectl apply -f letsencrypt-staging.yaml
+    kubectl apply -f letsencrypt-prod.yaml
 
 ### default issuer
     
diff --git a/letsencrypt-prod.yaml b/letsencrypt-prod.yaml
new file mode 100644
index 0000000..8505c25
--- /dev/null
+++ b/letsencrypt-prod.yaml
@@ -0,0 +1,16 @@
+apiVersion: certmanager.k8s.io/v1alpha1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt
+spec:
+  acme:
+    # You must replace this email address with your own.
+    # Let's Encrypt will use this to contact you about expiring
+    # certificates, and issues related to your account.
+    email: sysadm@zknt.org
+    server: https://acme-v02.api.letsencrypt.org/directory
+    privateKeySecretRef:
+      # Secret resource used to store the account's private key.
+      name: leprod-issuer-account-key
+    # Enable the HTTP01 challenge mechanism for this Issuer
+    http01: {}
diff --git a/letsencrypt-staging.yaml b/letsencrypt-staging.yaml
new file mode 100644
index 0000000..c905ea4
--- /dev/null
+++ b/letsencrypt-staging.yaml
@@ -0,0 +1,16 @@
+apiVersion: certmanager.k8s.io/v1alpha1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-staging
+spec:
+  acme:
+    # You must replace this email address with your own.
+    # Let's Encrypt will use this to contact you about expiring
+    # certificates, and issues related to your account.
+    email: sysadm@zknt.org
+    server: https://acme-staging-v02.api.letsencrypt.org/directory
+    privateKeySecretRef:
+      # Secret resource used to store the account's private key.
+      name: lestaging-issuer-account-key
+    # Enable the HTTP01 challenge mechanism for this Issuer
+    http01: {}