diff --git a/deploy/charts/cert-manager/templates/cainjector-rbac.yaml b/deploy/charts/cert-manager/templates/cainjector-rbac.yaml
index ec533e9e3..5cfa1fff9 100644
--- a/deploy/charts/cert-manager/templates/cainjector-rbac.yaml
+++ b/deploy/charts/cert-manager/templates/cainjector-rbac.yaml
@@ -74,13 +74,22 @@ rules:
 # see cmd/cainjector/start.go#L113
 # cert-manager-cainjector-leader-election-core is used by the SecretBased injector controller
 # see cmd/cainjector/start.go#L137
- - apiGroups: ["coordination.k8s.io", ""]
- resources: ["leases", "configmaps"]
+ # See also: https://github.com/kubernetes-sigs/controller-runtime/pull/1144#discussion_r480173688
+ - apiGroups: [""]
+ resources: ["configmaps"]
 resourceNames: ["cert-manager-cainjector-leader-election", "cert-manager-cainjector-leader-election-core"]
 verbs: ["get", "update", "patch"]
- - apiGroups: ["coordination.k8s.io", ""]
- resources: ["leases", "configmaps"]
+ - apiGroups: [""]
+ resources: ["configmaps"]
 verbs: ["create"]
+ - apiGroups: ["coordination.k8s.io"]
+ resources: ["leases"]
+ resourceNames: ["cert-manager-cainjector-leader-election", "cert-manager-cainjector-leader-election-core"]
+ verbs: ["get", "update", "patch"]
+ - apiGroups: ["coordination.k8s.io"]
+ resources: ["leases"]
+ verbs: ["create"]
+
 ---
 # grant cert-manager permission to manage the leaderelection configmap in the
diff --git a/deploy/charts/cert-manager/templates/rbac.yaml b/deploy/charts/cert-manager/templates/rbac.yaml
index 1ed3d271f..07f74a4de 100644
--- a/deploy/charts/cert-manager/templates/rbac.yaml
+++ b/deploy/charts/cert-manager/templates/rbac.yaml
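Review bot: The two `verbs: ["create"]` rules in the cainjector-rbac.yaml hunk (one for configmaps, one for leases) carry no `resourceNames`, so they permit creating any object of those types wherever this role is bound, not only the two leader-election locks. Kubernetes RBAC cannot restrict `create` by resource name, so the split is unavoidable, but the reason should be recorded next to the rule, e.g. `# create cannot be limited by resourceNames; keep this role bound only in the leader-election namespace`. The same pair of unscoped `create` rules appears in the rbac.yaml hunk for the controller. The role's kind and its binding lie outside the hunk, so it is worth confirming that this is a namespaced Role rather than a ClusterRole.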
@@ -14,13 +14,21 @@ metadata:
 helm.sh/chart: {{ include "cert-manager.chart" . }}
 rules:
 # Used for leader election by the controller
- - apiGroups: ["coordination.k8s.io", ""]
- resources: ["leases", "configmaps"]
- verbs: ["create"]
- - apiGroups: ["coordination.k8s.io", ""]
- resources: ["leases", "configmaps"]
+ # See also: https://github.com/kubernetes-sigs/controller-runtime/pull/1144#discussion_r480173688
+ - apiGroups: [""]
+ resources: ["configmaps"]
 resourceNames: ["cert-manager-controller"]
 verbs: ["get", "update", "patch"]
+ - apiGroups: [""]
+ resources: ["configmaps"]
+ verbs: ["create"]
+ - apiGroups: ["coordination.k8s.io"]
+ resources: ["leases"]
+ resourceNames: ["cert-manager-controller"]
+ verbs: ["get", "update", "patch"]
+ - apiGroups: ["coordination.k8s.io"]
+ resources: ["leases"]
+ verbs: ["create"]
 ---
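Review bot: The added `# See also:` comment gives only a URL, so the chart itself does not say why the controller is granted write access to both a configmaps lock and a leases lock named `cert-manager-controller`. If the configmaps access is kept only while the leader-election lock moves to leases (an inference; the hunk does not say), state that beside the rule, e.g. `# configmaps rules are transitional; remove once leader election uses leases only`, so the extra write access is not retained indefinitely. The cainjector-rbac.yaml hunk carries the same link-only comment.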