diff --git a/charts/enterprise/cert-manager/Chart.yaml b/charts/enterprise/cert-manager/Chart.yaml
index 0b357a867bb..b66fe99bd59 100644
--- a/charts/enterprise/cert-manager/Chart.yaml
+++ b/charts/enterprise/cert-manager/Chart.yaml
@@ -21,7 +21,7 @@ sources:
   - https://github.com/truecharts/charts/tree/master/charts/enterprise/cert-manager
   - https://cert-manager.io/
 type: application
-version: 1.0.8
+version: 1.0.9
 annotations:
   truecharts.org/catagories: |
     - core
diff --git a/charts/enterprise/cert-manager/templates/_metrics.tpl b/charts/enterprise/cert-manager/templates/_metrics.tpl
index 90aca9ba0e1..67de46c31cc 100644
--- a/charts/enterprise/cert-manager/templates/_metrics.tpl
+++ b/charts/enterprise/cert-manager/templates/_metrics.tpl
@@ -1,5 +1,6 @@
 {{- define "certmanager.metrics" -}}
 {{- if .Values.customMetrics.enabled }}
+---
 apiVersion: monitoring.coreos.com/v1
 kind: PodMonitor
 metadata:
diff --git a/charts/enterprise/cert-manager/templates/clusterissuer/_ACME.tpl b/charts/enterprise/cert-manager/templates/clusterissuer/_ACME.tpl
index 9849c746840..1b6e0f2a040 100644
--- a/charts/enterprise/cert-manager/templates/clusterissuer/_ACME.tpl
+++ b/charts/enterprise/cert-manager/templates/clusterissuer/_ACME.tpl
@@ -1,5 +1,11 @@
 {{- define "certmanager.clusterissuer.acme" -}}
 {{- range .Values.clusterIssuer.ACME }}
+
+  {{- $validTypes := list "HTTP01" "cloudflare" "route53" -}}
+  {{- if not (mustHas .type $validTypes) -}}
+    {{- fail (printf "Expected ACME type to be one of [%s], but got [%s]" (join ", " $validTypes) .type) -}}
+  {{- end -}}
+  {{- $issuerSecretName := printf "%s-clusterissuer-secret" .name }}
 ---
 apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
@@ -22,15 +28,15 @@ spec:
           email: {{ .email }}
          {{- if .cfapitoken }}
           apiTokenSecretRef:
-            name: {{ .name }}-clusterissuer-secret
+            name: {{ $issuerSecretName }}
             key: cf-api-token
          {{- else if .cfapikey }}
           apiKeySecretRef:
-            name: {{ .name }}-clusterissuer-secret
+            name: {{ $issuerSecretName }}
             key: cf-api-key
-         {{ else }}
-         {{- fail "A cloudflare API key or token is required" }}
-         {{- end }}
+         {{- else -}}
+          {{- fail "A cloudflare API key or token is required" -}}
+         {{- end -}}
       {{- else if eq .type "route53" }}
         route53:
           region: {{ .region }}
@@ -45,18 +51,18 @@ spec:
         akamai:
           serviceConsumerDomain: {{ .serviceConsumerDomain }}
           clientTokenSecretRef:
-            name: {{ .name }}-clusterissuer-secret
+            name: {{ $issuerSecretName }}
             key: akclientToken
           clientSecretSecretRef:
-            name: {{ .name }}-clusterissuer-secret
+            name: {{ $issuerSecretName }}
             key: akclientSecret
           accessTokenSecretRef:
-            name: {{ .name }}-clusterissuer-secret
+            name: {{ $issuerSecretName }}
             key: akaccessToken
       {{- else if eq .type "digitalocean" }}
         digitalocean:
           tokenSecretRef:
-            name: {{ .name }}-clusterissuer-secret
+            name: {{ $issuerSecretName }}
             key: doaccessToken
       {{- else if eq .type "rfc2136" }}
         rfc2136:
@@ -64,18 +70,16 @@ spec:
           tsigKeyName: {{ .tsigKeyName }}
           tsigAlgorithm: {{ .tsigAlgorithm }}
           tsigSecretSecretRef:
-            name: {{ .name }}-clusterissuer-secret
+            name: {{ $issuerSecretName }}
             key: rfctsigSecret
-      {{- else }}
-      {{- fail "No correct ACME type entered..." }}
-      {{- end }}
+      {{- end -}}
     {{- end }}
 ---
 apiVersion: v1
 kind: Secret
 metadata:
   namespace: cert-manager
-  name: {{ .name }}-clusterissuer-secret
+  name: {{ $issuerSecretName }}
 type: Opaque
 stringData:
   cf-api-token: {{ .cfapitoken | default "" }}