diff --git a/infrastructure/cert-manager-webhook-hetzner/helmrelease.yaml b/infrastructure/cert-manager-webhook-hetzner/helmrelease.yaml
new file mode 100644
index 0000000..c04ee53
--- /dev/null
+++ b/infrastructure/cert-manager-webhook-hetzner/helmrelease.yaml
@@ -0,0 +1,18 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
+kind: HelmRelease
+metadata:
+ name: cert-manager-webhook-hetzner
+ namespace: cert-manager
+spec:
+ interval: 15m
+ chart:
+ spec:
+ chart: cert-manager-webhook-hetzner
+ version: 1.3.3
+ sourceRef:
+ kind: HelmRepository
+ name: vadimkim-cert-manager-webhook-hetzner
+ namespace: flux-system
+ values:
+ groupName: patanix.de
+
diff --git a/infrastructure/cert-manager-webhook-hetzner/helmrepository.yaml b/infrastructure/cert-manager-webhook-hetzner/helmrepository.yaml
new file mode 100644
index 0000000..d82a2b5
--- /dev/null
+++ b/infrastructure/cert-manager-webhook-hetzner/helmrepository.yaml
@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+ name: vadimkim-cert-manager-webhook-hetzner
+ namespace: flux-system
+spec:
+ interval: 30m
+ url: https://vadimkim.github.io/cert-manager-webhook-hetzner
diff --git a/infrastructure/cert-manager-webhook-hetzner/kustomization.yaml b/infrastructure/cert-manager-webhook-hetzner/kustomization.yaml
new file mode 100644
index 0000000..36e69d3
--- /dev/null
+++ b/infrastructure/cert-manager-webhook-hetzner/kustomization.yaml
@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - helmrepository.yaml
+ - helmrelease.yaml
+
diff --git a/infrastructure/cert-manager/kustomization.yaml b/infrastructure/cert-manager/kustomization.yaml
index 35dea7b..18bf678 100644
--- a/infrastructure/cert-manager/kustomization.yaml
+++ b/infrastructure/cert-manager/kustomization.yaml
@@ -5,3 +5,4 @@ resources:
 - helmrepository.yaml
 - helmrelease.yaml
 - configmap-values.yaml
+ - letsencrypt-clusterissuer.yaml
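Review bot: The pinned chart `version: 1.3.3` disagrees with `notes/cert-manager-webhook.md` added in this same commit, whose step 2 shows `version: 2.9.0` for the identical HelmRelease; one of the two is stale, and anyone replaying the notes would deploy a different chart than the one reviewed here. `values` sets only `groupName`, so which Secrets the webhook's service account may read is left entirely to chart defaults. If I recall the chart correctly it exposes a `secretName` list that scopes the secret-reader Role through `resourceNames`, and that list would then need to contain `hetzner-dns-api-token`; confirm against the chart's values.yaml for the pinned version. A short comment above `values:` naming the one Secret the webhook is expected to read would make that least-privilege decision reviewable.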
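Review bot: The chart source in `spec.url` is an individual maintainer's GitHub Pages index, and nothing in this HelmRepository verifies chart provenance, while the workload it installs will hold the Hetzner DNS API token for the zone. The version pin in the HelmRelease limits drift, but a plain HTTPS index can republish the same version number with different content. Consider mirroring the reviewed chart into a registry you control (Flux can verify signatures for OCI-hosted charts), or at least record the trust decision with a comment such as `# third-party chart; contents reviewed at the pinned version, re-review before bumping`.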
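Review bot: Listing `letsencrypt-clusterissuer.yaml` beside `helmrelease.yaml` puts a `ClusterIssuer` custom resource in the same apply set as the release that installs its CRD. If a single Flux Kustomization applies this directory (not visible here), a fresh cluster will fail the dry-run with no matches for kind ClusterIssuer until cert-manager is already installed, and the issuer additionally needs the webhook from `cert-manager-webhook-hetzner/` to be serving. Moving the issuer into its own Flux Kustomization with `dependsOn` pointing at the cert-manager and webhook ones would make the bootstrap order explicit. The hunk shows only the tail of the resources list, so the rest of the file may already handle this.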
diff --git a/infrastructure/cert-manager/letsencrypt-clusterissuer.yaml b/infrastructure/cert-manager/letsencrypt-clusterissuer.yaml
new file mode 100644
index 0000000..516ccae
--- /dev/null
+++ b/infrastructure/cert-manager/letsencrypt-clusterissuer.yaml
@@ -0,0 +1,20 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-dns
+spec:
+ acme:
+ email: patryk-hegenberg@outlook.de
+ server: https://acme-v02.api.letsencrypt.org/directory
+ privateKeySecretRef:
+ name: letsencrypt-dns-key
+ solvers:
+ - dns01:
+ webhook:
+ groupName: patanix.de
+ solverName: hetzner
+ config:
+ apiTokenSecretRef:
+ name: hetzner-dns-api-token
+ key: token
+
diff --git a/infrastructure/kustomization.yaml b/infrastructure/kustomization.yaml
index 29c82b2..1db4b1a 100644
--- a/infrastructure/kustomization.yaml
+++ b/infrastructure/kustomization.yaml
@@ -2,4 +2,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - cert-manager/
+ - cert-manager-webhook-hetzner/
 # - monitoring/
diff --git a/notes/cert-manager-webhook.md b/notes/cert-manager-webhook.md
new file mode 100644
index 0000000..e1367bd
--- /dev/null
+++ b/notes/cert-manager-webhook.md
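Review bot: The solver `config` points at a Secret `hetzner-dns-api-token` through `apiTokenSecretRef`, but nothing in this commit creates that Secret or says how it is provisioned, and for a ClusterIssuer it has to exist in cert-manager's cluster resource namespace. The key names should also be checked against the webhook's documented schema: as far as I recall, the vadimkim webhook reads `secretName`, `zoneName` and `apiUrl`, in which case `apiTokenSecretRef` would be ignored and every DNS-01 challenge would fail; verify against the README for the pinned chart. Keep the token out of Git in plaintext (SOPS-encrypted or a sealed secret) and state that next to the reference, e.g. `# Secret hetzner-dns-api-token is created out of band in namespace cert-manager`. The issuer also targets the Let's Encrypt production directory directly, so a staging issuer for the first end-to-end test would avoid spending production rate limits on a misconfigured solver.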
@@ -0,0 +1,79 @@
+# Schritt: cert-manager-webhook-hetzner (vadimkim) und ClusterIssuer
+
+## 1. HelmRepository für Webhook anlegen
+```bash
+cat < infrastructure/cert-manager-webhook-hetzner/helmrepository.yaml
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+ name: vadimkim-cert-manager-webhook-hetzner
+ namespace: flux-system
+spec:
+ interval: 30m
+ url: https://vadimkim.github.io/cert-manager-webhook-hetzner
+EOF
+```
+
+## 2. HelmRelease für Webhook anlegen
+```bash
+cat < infrastructure/cert-manager-webhook-hetzner/helmrelease.yaml
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
+kind: HelmRelease
+metadata:
+ name: cert-manager-webhook-hetzner
+ namespace: cert-manager
+spec:
+ interval: 15m
+ chart:
+ spec:
+ chart: cert-manager-webhook-hetzner
+ version: 2.9.0
+ sourceRef:
+ kind: HelmRepository
+ name: vadimkim-cert-manager-webhook-hetzner
+ namespace: flux-system
+ values:
+ groupName: patanix.de
+EOF
+```
+
+## 3. ClusterIssuer anlegen
+```bash
+cat < infrastructure/cert-manager/letsencrypt-clusterissuer.yaml
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-dns
+spec:
+ acme:
+ email: patryk-hegenberg@outlook.de
+ server: https://acme-v02.api.letsencrypt.org/directory
+ privateKeySecretRef:
+ name: letsencrypt-dns-key
+ solvers:
+ - dns01:
+ webhook:
+ groupName: patanix.de
+ solverName: hetzner
+ config:
+ apiTokenSecretRef:
+ name: hetzner-dns-api-token
+ key: token
+EOF
+```
+
+## 4. Dateien ins Git-Repo legen und pushen
+```bash
+git add infrastructure/cert-manager-webhook-hetzner/*
+git add infrastructure/cert-manager/letsencrypt-clusterissuer.yaml
+git commit -m "Add vadimkim cert-manager-webhook-hetzner and ClusterIssuer for patanix.de"
+git push origin main
+```
+
+## 5. Flux synchronisieren und prüfen
+```bash
+flux reconcile source git flux-system
+flux get helmreleases -A
+kubectl get pods -n cert-manager
+kubectl get clusterissuer
+```