diff --git a/README.md b/README.md
index 88236a18a342ebe959a3c2ed2989e28a24122dbf..72b1676d25bb8cb862b8b07a97f24aeef2c5539f 100644
--- a/README.md
+++ b/README.md
@@ -85,3 +85,49 @@ EOF # Default setup for istio
 kubectl get svc -n istio-system
 kubectl get pods -n istio-system
 ```
+
+7. Cert Manager (on mgmt)
+
+```
+kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.3.1/cert-manager.yaml
+```
+
+Setup letsencrypt issuer
+```
+kubectl apply -f - <<EOF
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: letsencrypt-issuer
+  namespace: istio-system
+spec:
+  acme:
+    email: rlacko99@gmail.com
+    server: https://acme-v02.api.letsencrypt.org/directory
+    privateKeySecretRef:
+      name: letsencrypt-issuer-account-key
+    solvers:
+    - http01:
+       ingress:
+         class: istio
+EOF
+```
+
+Test it
+
+```
+kubectl apply -f - <<EOF
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: hello-cert
+  namespace: istio-system
+spec:
+  secretName: hello-cert
+  issuerRef:
+    name: letsencrypt-issuer
+  commonName: hello.maze.sch.bme.hu
+  dnsNames:
+  - hello.maze.sch.bme.hu
+EOF
+```