diff --git a/stable/cert-manager/Chart.yaml b/stable/cert-manager/Chart.yaml
index edfe99c2b682..e5c6b644149b 100644
--- a/stable/cert-manager/Chart.yaml
+++ b/stable/cert-manager/Chart.yaml
@@ -1,6 +1,6 @@
 name: cert-manager
-version: v0.6.0
-appVersion: v0.6.0
+version: v0.6.5
+appVersion: v0.6.1
 description: A Helm chart for cert-manager
 home: https://github.com/jetstack/cert-manager
 keywords:
diff --git a/stable/cert-manager/README.md b/stable/cert-manager/README.md
index 5914878c7d1a..31cae589c651 100644
--- a/stable/cert-manager/README.md
+++ b/stable/cert-manager/README.md
@@ -23,6 +23,12 @@ To install the chart with the release name `my-release`:
 $ kubectl apply \
     -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.6/deploy/manifests/00-crds.yaml
 
+## IMPORTANT: if you are deploying into a namespace that **already exists**,
+## you MUST ensure the namespace has an additional label on it in order for
+## the deployment to succeed
+$ kubectl label namespace <deployment-namespace> certmanager.k8s.io/disable-validation="true"
+
+## Install the cert-manager helm chart
 $ helm install --name my-release stable/cert-manager
 ```
 
@@ -66,7 +72,7 @@ The following table lists the configurable parameters of the cert-manager chart
 | --------- | ----------- | ------- |
 | `global.imagePullSecrets` | Reference to one or more secrets to be used when pulling images | `[]` |
 | `image.repository` | Image repository | `quay.io/jetstack/cert-manager-controller` |
-| `image.tag` | Image tag | `v0.6.0` |
+| `image.tag` | Image tag | `v0.6.1` |
 | `image.pullPolicy` | Image pull policy | `IfNotPresent` |
 | `replicaCount`  | Number of cert-manager replicas  | `1` |
 | `clusterResourceNamespace` | Override the namespace used to store DNS provider credentials etc. for ClusterIssuer resources | Same namespace as cert-manager pod
@@ -101,7 +107,7 @@ The following table lists the configurable parameters of the cert-manager chart
 | `webhook.extraArgs` | Optional flags for cert-manager webhook component | `[]` |
 | `webhook.resources` | CPU/memory resource requests/limits for the webhook pods | |
 | `webhook.image.repository` | Webhook image repository | `quay.io/jetstack/cert-manager-webhook` |
-| `webhook.image.tag` | Webhook image tag | `v0.6.0` |
+| `webhook.image.tag` | Webhook image tag | `v0.6.1` |
 | `webhook.image.pullPolicy` | Webhook image pull policy | `IfNotPresent` |
 | `webhook.caSyncImage.repository` | CA sync image repository | `quay.io/munnerz/apiextensions-ca-helper` |
 | `webhook.caSyncImage.tag` | CA sync image tag | `v0.1.0` |
diff --git a/stable/cert-manager/requirements.lock b/stable/cert-manager/requirements.lock
index a3c0070e6582..a0e31312bc53 100644
--- a/stable/cert-manager/requirements.lock
+++ b/stable/cert-manager/requirements.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: webhook
   repository: file://webhook
-  version: v0.6.0
-digest: sha256:93a9a73b4f6aa718152642d6a4156fb6f9a4fb078d0136065c42bab2fe76c9b0
-generated: 2019-01-22T16:13:19.816854629Z
+  version: v0.6.3
+digest: sha256:77dcd917e3112dfc7ddb3f1cca72bb337f067706b1020dec0fda4a2d41a945bf
+generated: 2019-02-05T13:43:12.838251554Z
diff --git a/stable/cert-manager/requirements.yaml b/stable/cert-manager/requirements.yaml
index 16f21f133100..a1f7bc5f18f0 100644
--- a/stable/cert-manager/requirements.yaml
+++ b/stable/cert-manager/requirements.yaml
@@ -1,6 +1,6 @@
 # requirements.yaml
 dependencies:
 - name: webhook
-  version: "v0.6.0"
+  version: "v0.6.3"
   repository: "file://webhook"
   condition: webhook.enabled
diff --git a/stable/cert-manager/templates/rbac.yaml b/stable/cert-manager/templates/rbac.yaml
index 4d3532073eea..cf4cb0a5d569 100644
--- a/stable/cert-manager/templates/rbac.yaml
+++ b/stable/cert-manager/templates/rbac.yaml
@@ -10,7 +10,7 @@ metadata:
     heritage: {{ .Release.Service }}
 rules:
   - apiGroups: ["certmanager.k8s.io"]
-    resources: ["certificates", "issuers", "clusterissuers", "orders", "challenges"]
+    resources: ["certificates", "certificates/finalizers", "issuers", "clusterissuers", "orders", "orders/finalizers", "challenges"]
     verbs: ["*"]
   - apiGroups: [""]
     resources: ["configmaps", "secrets", "events", "services", "pods"]
diff --git a/stable/cert-manager/values.yaml b/stable/cert-manager/values.yaml
index e14b49a3c381..f78af7b3265c 100644
--- a/stable/cert-manager/values.yaml
+++ b/stable/cert-manager/values.yaml
@@ -21,7 +21,7 @@ strategy: {}
 
 image:
   repository: quay.io/jetstack/cert-manager-controller
-  tag: v0.6.0
+  tag: v0.6.1
   pullPolicy: IfNotPresent
 
 # Override the namespace used to store DNS provider credentials etc. for ClusterIssuer
diff --git a/stable/cert-manager/webhook/Chart.yaml b/stable/cert-manager/webhook/Chart.yaml
index 02829d1fe9e3..56cf1dae7e15 100644
--- a/stable/cert-manager/webhook/Chart.yaml
+++ b/stable/cert-manager/webhook/Chart.yaml
@@ -1,7 +1,7 @@
 name: webhook
 apiVersion: v1
-version: "v0.6.0"
-appVersion: "v0.6.0"
+version: "v0.6.3"
+appVersion: "v0.6.1"
 description: A Helm chart for deploying the cert-manager webhook component
 home: https://github.com/jetstack/cert-manager
 sources:
diff --git a/stable/cert-manager/webhook/templates/pki.yaml b/stable/cert-manager/webhook/templates/pki.yaml
index 1654b29b56d1..41285755fca5 100644
--- a/stable/cert-manager/webhook/templates/pki.yaml
+++ b/stable/cert-manager/webhook/templates/pki.yaml
@@ -12,7 +12,7 @@ metadata:
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
 spec:
-  selfsigned: {}
+  selfSigned: {}
 
 ---
 
@@ -29,6 +29,7 @@ metadata:
     heritage: {{ .Release.Service }}
 spec:
   secretName: {{ include "webhook.rootCACertificate" . }}
+  duration: 43800h # 5y
   issuerRef:
     name: {{ include "webhook.selfSignedIssuer" . }}
   commonName: "ca.webhook.cert-manager"
@@ -66,6 +67,7 @@ metadata:
     heritage: {{ .Release.Service }}
 spec:
   secretName: {{ include "webhook.servingCertificate" . }}
+  duration: 8760h # 1y
   issuerRef:
     name: {{ include "webhook.rootCAIssuer" . }}
   dnsNames:
diff --git a/stable/cert-manager/webhook/values.yaml b/stable/cert-manager/webhook/values.yaml
index 82499b5d4c1b..142b1f199163 100644
--- a/stable/cert-manager/webhook/values.yaml
+++ b/stable/cert-manager/webhook/values.yaml
@@ -28,7 +28,7 @@ resources: {}
 
 image:
   repository: quay.io/jetstack/cert-manager-webhook
-  tag: v0.6.0
+  tag: v0.6.1
   pullPolicy: IfNotPresent
 
 caSyncImage: