diff --git a/pkg/apis/certmanager/v1alpha1/types.go b/pkg/apis/certmanager/v1alpha1/types.go
index dcc0b186d..8a50cd066 100644
--- a/pkg/apis/certmanager/v1alpha1/types.go
+++ b/pkg/apis/certmanager/v1alpha1/types.go
@@ -25,6 +25,7 @@ const (
 	CommonNameAnnotationKey = "certmanager.k8s.io/common-name"
 	IssuerNameAnnotationKey = "certmanager.k8s.io/issuer-name"
 	IssuerKindAnnotationKey = "certmanager.k8s.io/issuer-kind"
+	CertificateNameKey      = "certmanager.k8s.io/certificate-name"
 )
 
 // +genclient
diff --git a/pkg/controller/certificates/sync.go b/pkg/controller/certificates/sync.go
index 7b612ac39..aa98aa8e3 100644
--- a/pkg/controller/certificates/sync.go
+++ b/pkg/controller/certificates/sync.go
@@ -234,6 +234,12 @@ func (c *Controller) updateSecret(crt *v1alpha1.Certificate, namespace string, c
 	secret.Annotations[v1alpha1.IssuerNameAnnotationKey] = crt.Spec.IssuerRef.Name
 	secret.Annotations[v1alpha1.IssuerKindAnnotationKey] = issuerKind(crt)
 
+	if secret.Labels == nil {
+		secret.Labels = make(map[string]string)
+	}
+
+	secret.Labels[v1alpha1.CertificateNameKey] = crt.Name
+
 	// if it is a new resource
 	if secret.SelfLink == "" {
 		secret, err = c.client.CoreV1().Secrets(namespace).Create(secret)