diff --git a/fleet/lib/cert-manager-conf/base/kustomization.yaml b/fleet/lib/cert-manager-conf/base/kustomization.yaml
index 1d86207bd..40d5e24f5 100644
--- a/fleet/lib/cert-manager-conf/base/kustomization.yaml
+++ b/fleet/lib/cert-manager-conf/base/kustomization.yaml
@@ -3,3 +3,4 @@ resources:
   - clusterissuer-letsencrypt-staging.yaml
   - clusterissuer-letsencrypt.yaml
   - externalsecret-route53.yaml
+  - prometheusrule-cert-manager.yaml
diff --git a/fleet/lib/cert-manager-conf/base/prometheusrule-cert-manager.yaml b/fleet/lib/cert-manager-conf/base/prometheusrule-cert-manager.yaml
new file mode 100644
index 000000000..f28ef21c7
--- /dev/null
+++ b/fleet/lib/cert-manager-conf/base/prometheusrule-cert-manager.yaml
@@ -0,0 +1,18 @@
+---
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+  labels:
+    lsst.io/rule: "true"
+  name: cert-manager
+spec:
+  groups:
+    - name: cert-manager
+      rules:
+        - alert: CertManagerCertificateReadyStatus
+          annotations:
+            description: Certificate {{ $labels.namespace }}/{{ $labels.name }} is not ready.
+          expr: certmanager_certificate_ready_status{condition="False"} == 1
+          for: 10m
+          labels:
+            severity: critical