diff --git a/docs/cert_manager.md b/docs/cert_manager.md
index 34378a56a69a59e95eaa1642d679c920a7e33f33..4ed28afc224b10749d45e75724638fca43144318 100644
--- a/docs/cert_manager.md
+++ b/docs/cert_manager.md
@@ -88,6 +88,20 @@ Certificates issued by public ACME servers are typically trusted by client’s c
   - [DNS01 Challenges](https://cert-manager.io/v1.5-docs/configuration/acme/dns01/)
 - [ACME FAQ](https://cert-manager.io/v1.5-docs/faq/acme/)
 
+#### ACME With An Internal Certificate Authority
+
+The ACME Issuer with an internal certificate authority requires cert-manager to trust the certificate authority. This trust must be done at the cert-manager deployment level.
+To add a trusted certificate authority to cert-manager, add it's certificate to `group_vars/k8s-cluster/addons.yml`:
+
+```yaml
+cert_manager_trusted_internal_ca: |
+  -----BEGIN CERTIFICATE-----
+  [REPLACE with your CA certificate]
+  -----END CERTIFICATE-----
+```
+
+Once the CA is trusted, you can define your issuer normally.
+
 ### Create New TLS Root CA Certificate and Key
 
 #### Install Cloudflare PKI/TLS `cfssl` Toolkit
diff --git a/inventory/sample/group_vars/k8s_cluster/addons.yml b/inventory/sample/group_vars/k8s_cluster/addons.yml
index 5f5e37f443c0056f244aea15b7e38f2928cc5152..2e077dd805e86ac66b65071bd45ea92a903e0eb8 100644
--- a/inventory/sample/group_vars/k8s_cluster/addons.yml
+++ b/inventory/sample/group_vars/k8s_cluster/addons.yml
@@ -129,6 +129,10 @@ ingress_alb_enabled: false
 # Cert manager deployment
 cert_manager_enabled: false
 # cert_manager_namespace: "cert-manager"
+# cert_manager_trusted_internal_ca: |
+#   -----BEGIN CERTIFICATE-----
+#   [REPLACE with your CA certificate]
+#   -----END CERTIFICATE-----
 
 # MetalLB deployment
 metallb_enabled: false
diff --git a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/cert-manager.yml.j2 b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/cert-manager.yml.j2
index 200ab268016790acccb0a3e2cb2f3a533f37a21f..3f51b19ad6692835697845ae9dfff98f9d730402 100644
--- a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/cert-manager.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/cert-manager.yml.j2
@@ -875,6 +875,17 @@ spec:
           resources:
             {}
 ---
+{% if cert_manager_trusted_internal_ca is defined %}
+apiVersion: v1
+data:
+  internal-ca.pem: |
+    {{ cert_manager_trusted_internal_ca | indent(width=4, indentfirst=False) }}
+kind: ConfigMap
+metadata:
+  name: ca-internal-truststore
+  namespace: {{ cert_manager_namespace }}
+---
+{% endif %}
 # Source: cert-manager/templates/deployment.yaml
 apiVersion: apps/v1
 kind: Deployment
@@ -928,6 +939,17 @@ spec:
                 fieldPath: metadata.namespace
           resources:
             {}
+{% if cert_manager_trusted_internal_ca is defined %}
+          volumeMounts:
+          - mountPath: /etc/ssl/certs/internal-ca.pem
+            name: ca-internal-truststore
+            subPath: internal-ca.pem
+        volumes:
+        - configMap:
+            defaultMode: 420
+            name: ca-internal-truststore
+          name: ca-internal-truststore
+{% endif %}
 ---
 # Source: cert-manager/templates/webhook-deployment.yaml
 apiVersion: apps/v1