diff --git a/pkg/apis/certmanager/v1alpha1/types.go b/pkg/apis/certmanager/v1alpha1/types.go
index 708c400e6..372f009e5 100644
--- a/pkg/apis/certmanager/v1alpha1/types.go
+++ b/pkg/apis/certmanager/v1alpha1/types.go
@@ -90,6 +90,8 @@ type ACMEIssuer struct {
 	Email string `json:"email"`
 	// Server is the ACME server URL
 	Server string `json:"server"`
+	// If true, skip verifying the ACME server TLS certificate
+	SkipTLSVerify bool `json:"skipTLSVerify,omitempty"`
 	// PrivateKey is the name of a secret containing the private key for this
 	// user account.
 	PrivateKey SecretKeySelector `json:"privateKeySecretRef"`
diff --git a/pkg/issuer/acme/acme.go b/pkg/issuer/acme/acme.go
index faffc9af7..a45563c94 100644
--- a/pkg/issuer/acme/acme.go
+++ b/pkg/issuer/acme/acme.go
@@ -2,7 +2,9 @@ package acme
 import (
 	"context"
+	"crypto/tls"
 	"fmt"
+	nethttp "net/http"
 	"github.com/golang/glog"
 	corev1 "k8s.io/api/core/v1"
@@ -93,7 +95,13 @@ func (a *Acme) acmeClient() (*acme.Client, error) {
 		return nil, err
 	}
+	tr := &nethttp.Transport{
+		TLSClientConfig: &tls.Config{InsecureSkipVerify: a.issuer.GetSpec().ACME.SkipTLSVerify},
+	}
+	client := &nethttp.Client{Transport: tr}
 	cl := &acme.Client{
+		HTTPClient: client,
 		Key: accountPrivKey,
 		DirectoryURL: a.issuer.GetSpec().ACME.Server,
 	}
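Review bot: The doc comment on the new SkipTLSVerify field understates what it does: the value feeds crypto/tls InsecureSkipVerify in acme.go, which turns off both chain validation and hostname checking, so a true value means any certificate presented on the ACME server connection is accepted, and the account key and issued certificates are exchanged over that connection. The comment should name that consequence and the intended scope, e.g. `// SkipTLSVerify disables verification of the ACME server's TLS certificate chain and hostname.` followed by `// Intended only for test or staging servers using self-signed certificates; for a private ACME server, trusting its CA is the safer option.` Since this is an API field, that text is what users will see in generated CRD documentation, so it is worth getting right here.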
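Review bot: In the acmeClient hunk the custom Transport is installed for every issuer, not only those with SkipTLSVerify set, and because it is built from scratch it loses what http.DefaultTransport would have provided — ProxyFromEnvironment, dial and TLS-handshake timeouts, idle-connection limits — and the new nethttp.Client has no Timeout either, so all issuers change behaviour, including ones that never opted out of verification. I would build the insecure transport only when the flag is true, leave HTTPClient unset otherwise (which is what the code did before this change), carry over `Proxy: nethttp.ProxyFromEnvironment`, and log at the point verification is disabled so the setting is visible in the controller log rather than only in the issuer spec. A client-level Timeout would also be worth adding, which needs a `time` import. acmeClient both begins and ends outside this hunk, so the surrounding code is not reviewed here.
```go
	// … unchanged: account private key loading …
	acmeSpec := a.issuer.GetSpec().ACME
	var client *nethttp.Client
	if acmeSpec.SkipTLSVerify {
		glog.Warningf("TLS certificate verification disabled for ACME server %q", acmeSpec.Server)
		client = &nethttp.Client{Transport: &nethttp.Transport{
			Proxy:           nethttp.ProxyFromEnvironment,
			TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
		}}
	}
	cl := &acme.Client{
		HTTPClient: client,
		// … unchanged: Key, DirectoryURL …
	}
```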