diff --git a/cmd/controller/app/controller.go b/cmd/controller/app/controller.go
index 1d410755b..167d7939d 100644
--- a/cmd/controller/app/controller.go
+++ b/cmd/controller/app/controller.go
@@ -114,6 +114,12 @@ func buildControllerContext(opts *options.ControllerOptions) (*controller.Contex
 	eventBroadcaster.StartRecordingToSink(&corev1.EventSinkImpl{Interface: cl.CoreV1().Events("")})
 	recorder := eventBroadcaster.NewRecorder(scheme.Scheme, v1.EventSource{Component: controllerAgentName})
 
+	// We only create SharedInformerFactories for the --namespace specified to
+	// watch. If this namespace is blank (i.e. the default, watch all
+	// namespaces) then the factories will watch all namespaces.
+	// If it is specified, all operations relating to ClusterIssuer resources
+	// should be disabled and thus we don't need to also create factories for
+	// the --cluster-resource-namespace.
 	sharedInformerFactory := informers.NewFilteredSharedInformerFactory(intcl, time.Second*30, opts.Namespace, nil)
 	kubeSharedInformerFactory := kubeinformers.NewFilteredSharedInformerFactory(cl, time.Second*30, opts.Namespace, nil)
 	return &controller.Context{
diff --git a/pkg/issuer/acme/acme.go b/pkg/issuer/acme/acme.go
index a381ccf44..2380e47c9 100644
--- a/pkg/issuer/acme/acme.go
+++ b/pkg/issuer/acme/acme.go
@@ -115,7 +115,7 @@ func (a *Acme) solverFor(challengeType string) (solver, error) {
 func init() {
 	issuer.Register(issuer.IssuerACME, func(i v1alpha1.GenericIssuer, ctx *issuer.Context) (issuer.Interface, error) {
 		issuerResourcesNamespace := i.GetObjectMeta().Namespace
-		if i.GetObjectKind().GroupVersionKind().Kind == v1alpha1.ClusterIssuerKind {
+		if issuerResourcesNamespace == "" {
 			issuerResourcesNamespace = ctx.ClusterResourceNamespace
 		}
 		return New(
diff --git a/pkg/issuer/ca/ca.go b/pkg/issuer/ca/ca.go
index 49d20e592..2d690129b 100644
--- a/pkg/issuer/ca/ca.go
+++ b/pkg/issuer/ca/ca.go
@@ -45,7 +45,7 @@ const (
 func init() {
 	issuer.Register(ControllerName, func(issuer v1alpha1.GenericIssuer, ctx *issuer.Context) (issuer.Interface, error) {
 		issuerResourcesNamespace := issuer.GetObjectMeta().Namespace
-		if issuer.GetObjectKind().GroupVersionKind().Kind == v1alpha1.ClusterIssuerKind {
+		if issuerResourcesNamespace == "" {
 			issuerResourcesNamespace = ctx.ClusterResourceNamespace
 		}
 		return NewCA(
diff --git a/test/e2e/clusterissuer/clusterissuer_ca.go b/test/e2e/clusterissuer/clusterissuer_ca.go
index ab17a1ead..03f7df034 100644
--- a/test/e2e/clusterissuer/clusterissuer_ca.go
+++ b/test/e2e/clusterissuer/clusterissuer_ca.go
@@ -39,7 +39,7 @@ var _ = framework.CertManagerDescribe("CA ClusterIssuer", func() {
 		f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Delete(secretName, nil)
 	})
 
-	It("should generate a signing keypair", func() {
+	It("should validate a signing keypair", func() {
 		By("Creating an Issuer")
 		_, err := f.CertManagerClientSet.CertmanagerV1alpha1().ClusterIssuers().Create(util.NewCertManagerCAClusterIssuer(issuerName, secretName))
 		Expect(err).NotTo(HaveOccurred())