diff --git a/deploy/charts/cert-manager/templates/webhook-mutating-webhook.yaml b/deploy/charts/cert-manager/templates/webhook-mutating-webhook.yaml index 26401a8e7..8eed00102 100644 --- a/deploy/charts/cert-manager/templates/webhook-mutating-webhook.yaml +++ b/deploy/charts/cert-manager/templates/webhook-mutating-webhook.yaml @@ -42,3 +42,7 @@ webhooks: namespace: {{ include "cert-manager.namespace" . }} path: /mutate {{- end }} + namespaceSelector: + {{- with .Values.webhook.webhookConfigurationNamespaceSelector }} + {{- toYaml . | nindent 6 }} + {{- end }} diff --git a/deploy/charts/cert-manager/templates/webhook-validating-webhook.yaml b/deploy/charts/cert-manager/templates/webhook-validating-webhook.yaml index ce33cc797..c01212b30 100644 --- a/deploy/charts/cert-manager/templates/webhook-validating-webhook.yaml +++ b/deploy/charts/cert-manager/templates/webhook-validating-webhook.yaml @@ -16,11 +16,17 @@ metadata: webhooks: - name: webhook.cert-manager.io namespaceSelector: + {{- with (omit .Values.webhook.webhookConfigurationNamespaceSelector "matchExpressions") }} + {{- toYaml . | nindent 6 }} + {{- end }} matchExpressions: - key: "cert-manager.io/disable-validation" operator: "NotIn" values: - "true" + {{- with .Values.webhook.webhookConfigurationNamespaceSelector.matchExpressions }} + {{- toYaml . | nindent 6 }} + {{- end }} rules: - apiGroups: - "cert-manager.io" diff --git a/deploy/charts/cert-manager/values.yaml b/deploy/charts/cert-manager/values.yaml index 811e157a1..17c419dcc 100644 --- a/deploy/charts/cert-manager/values.yaml +++ b/deploy/charts/cert-manager/values.yaml 
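Review bot: With the default `webhookConfigurationNamespaceSelector: {}` the `with` block in webhook-mutating-webhook.yaml renders nothing, so the manifest is left with a bare `namespaceSelector:` key whose value is null. The API server most likely defaults that to an empty selector, but an explicit value is easier to diff and lint. I would move the `namespaceSelector:` line inside the `with` block so the key is omitted when nothing is configured. A one-line alternative that always renders a mapping is `namespaceSelector: {{- toYaml .Values.webhook.webhookConfigurationNamespaceSelector | nindent 6 }}`. The webhook entry starts above this hunk, so the surrounding indentation could not be checked here.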
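Review bot: Both added blocks in webhook-validating-webhook.yaml assume the value is always a map: `.Values.webhook.webhookConfigurationNamespaceSelector.matchExpressions` and the `omit` call will probably fail at render time if a user clears the key with `null` in an override file. Binding a guarded copy first keeps the template rendering, e.g. `{{- $sel := .Values.webhook.webhookConfigurationNamespaceSelector | default dict }}`, then `with (omit $sel "matchExpressions")` and `with $sel.matchExpressions`. The appended expressions are emitted with `nindent 6`, which must match the column of the existing `- key: "cert-manager.io/disable-validation"` item; the page does not preserve indentation, so that is worth confirming with a `helm template` run that sets both `matchLabels` and `matchExpressions`.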
@@ -401,6 +401,17 @@ webhook: # Optional additional annotations to add to the webhook ValidatingWebhookConfiguration # validatingWebhookConfigurationAnnotations: {} + # Configure spec.namespaceSelector for mutating and validating webhooks. + webhookConfigurationNamespaceSelector: {} + # matchLabels: + # key: value + # matchExpressions: + # - key: kubernetes.io/metadata.name + # operator: NotIn + # values: + # - kube-system + + # Additional command line flags to pass to cert-manager webhook binary. # To see all available flags run docker run quay.io/jetstack/cert-manager-webhook: --help extraArgs: []
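Review bot: The new comment names `spec.namespaceSelector`, but the templates in this change set `webhooks[].namespaceSelector`, and neither webhook configuration has a `spec`. The comment should also state the admission consequence: cert-manager resources in namespaces the selector does not match (kube-system in the commented example) are admitted without webhook validation or defaulting. It is also worth noting that for the validating webhook the `matchExpressions` are appended to the built-in `cert-manager.io/disable-validation` rule rather than replacing it. Suggested first line: `# Configure webhooks[].namespaceSelector for the mutating and validating webhook configurations.` The hunk also adds a second consecutive blank line before the `extraArgs` comment, which can be dropped.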