diff --git a/openshift/templates/certbot/certbot.bc.yaml b/openshift/templates/certbot/certbot.bc.yaml
new file mode 100644
index 0000000..1e1286f
--- /dev/null
+++ b/openshift/templates/certbot/certbot.bc.yaml
@@ -0,0 +1,65 @@
+---
+apiVersion: v1
+kind: Template
+labels:
+ build: certbot
+metadata:
+ name: certbot
+
+objects:
+ - apiVersion: v1
+ kind: ImageStream
+ metadata:
+ name: certbot
+ spec:
+ lookupPolicy:
+ local: false
+ - apiVersion: v1
+ kind: BuildConfig
+ metadata:
+ name: certbot
+ spec:
+ completionDeadlineSeconds: 300
+ output:
+ to:
+ kind: ImageStreamTag
+ name: certbot:latest
+ postCommit: {}
+ resources:
+ requests:
+ cpu: 1
+ limits:
+ cpu: 1
+ source:
+ contextDir: docker
+ git:
+ ref: "${GIT_REF}"
+ uri: "${GIT_URL}"
+ type: Git
+ strategy:
+ dockerStrategy:
+ from:
+ kind: DockerImage
+ name: "${BASE_IMAGE}"
+ type: Docker
+ triggers:
+ - type: ConfigChange
+ - type: ImageChange
+ imageChange: {}
+
+parameters:
+ - name: BASE_IMAGE
+ description: Base Image to build from
+ displayName: Base Image
+ required: true
+ value: registry.access.redhat.com/ubi8:8.3-227
+ - name: GIT_REF
+ description: Git Pull Request or Branch Reference (i.e. 'pull/CHANGE_ID/head')
+ displayName: Source Repository Reference
+ required: true
+ value: master
+ - name: GIT_URL
+ description: Git Repository URL
+ displayName: Source Repository URL
+ required: true
+ value: https://github.com/BCDevOps/certbot.git
diff --git a/openshift/templates/certbot/certbot.dc.yaml b/openshift/templates/certbot/certbot.dc.yaml
new file mode 100644
index 0000000..5ae2205
--- /dev/null
+++ b/openshift/templates/certbot/certbot.dc.yaml
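Review bot: The `ImageChange` trigger with an empty `imageChange: {}` appears to have nothing to monitor in this BuildConfig, because the docker strategy's `from` is a `DockerImage` rather than an `ImageStreamTag`; as far as I can tell the image will then be rebuilt only on `ConfigChange` or a manual start, and a refreshed `ubi8` base image will not rebuild it. Either drop the trigger or point `from` at an ImageStreamTag that tracks the base image so the trigger has a stream to watch, and add a comment above `triggers:` stating which event is expected to rebuild the image. Relatedly, `BASE_IMAGE` defaults to a mutable tag, `registry.access.redhat.com/ubi8:8.3-227`; pinning by digest (`registry.access.redhat.com/ubi8@sha256:<DIGEST>`, placeholder) makes the build reproducible and lets the resulting image be traced to an exact base. The `resources` block sets only `cpu`, so memory for the build falls back to whatever the namespace LimitRange provides; stating that in a comment, or adding explicit `memory` requests and limits, avoids surprises on a differently configured cluster.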
@@ -0,0 +1,132 @@
+---
+apiVersion: v1
+kind: Template
+labels:
+ app: certbot
+metadata:
+ name: certbot
+
+objects:
+ - apiVersion: v1
+ kind: ServiceAccount
+ metadata:
+ name: certbot
+ - apiVersion: v1
+ groupNames: null
+ kind: RoleBinding
+ metadata:
+ name: certbot_edit
+ roleRef:
+ name: edit
+ subjects:
+ - kind: ServiceAccount
+ name: certbot
+ - apiVersion: v1
+ kind: PersistentVolumeClaim
+ metadata:
+ name: certbot
+ spec:
+ storageClassName: netapp-file-standard
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 100Mi
+ - apiVersion: batch/v1beta1
+ kind: CronJob
+ metadata:
+ name: certbot
+ spec:
+ concurrencyPolicy: Replace
+ failedJobsHistoryLimit: 3
+ successfulJobsHistoryLimit: 3
+ startingDeadlineSeconds: 60
+ jobTemplate:
+ metadata:
+ spec:
+ backoffLimit: 6
+ activeDeadlineSeconds: 300
+ parallelism: 1
+ completions: 1
+ template:
+ metadata:
+ labels:
+ app: certbot
+ spec:
+ containers:
+ - name: certbot
+ image: "${IMAGE_REGISTRY}/${NAMESPACE}/${SOURCE_IMAGE_NAME}:${TAG_NAME}"
+ imagePullPolicy: Always
+ env:
+ - name: CERTBOT_EMAIL
+ valueFrom:
+ secretKeyRef:
+ name: certbot
+ key: email
+ - name: CERTBOT_DEBUG
+ value: "${DEBUG}"
+ - name: CERTBOT_DELETE_ACME_ROUTES
+ value: "${DELETE_ACME_ROUTES}"
+ - name: CERTBOT_STAGING
+ value: "${CERTBOT_STAGING}"
+ - name: CERTBOT_DRY_RUN
+ value: "${DRYRUN}"
+ - name: CERTBOT_SERVER
+ valueFrom:
+ secretKeyRef:
+ name: certbot
+ key: server
+ resources:
+ requests:
+ cpu: 50m
+ limits:
+ cpu: 250m
+ volumeMounts:
+ - mountPath: /etc/letsencrypt
+ name: certbot-config
+ restartPolicy: Never
+ serviceAccountName: certbot
+ volumes:
+ - name: certbot-config
+ persistentVolumeClaim:
+ claimName: certbot
+ schedule: "${CERTBOT_CRON_SCHEDULE}"
+ suspend: "${{CERTBOT_SUSPEND_CRON}}"
+
+parameters:
+ # https://crontab.guru/every-6-hours
+ - name: "CERTBOT_CRON_SCHEDULE"
+ required: false
+ value: "0 */12 * * *"
+ # Let's Encrypt Stage environment will help with non-prod cert renewals, so you don't hit limits
+ - name: "CERTBOT_STAGING"
+ required: false
+ value: "false"
+ # In environments using wildcard *.apps.silver.devops cert, you might want to create the cronjob for consistency, but suspend it
+ - name: "CERTBOT_SUSPEND_CRON"
+ required: false
+ value: "true"
+ - name: "DRYRUN"
+ required: false
+ value: "false"
+ - name: "DEBUG"
+ required: false
+ value: "true"
+ # Do not delete ACME routes and services because the Eagle reverse proxy needs the service to be present
+ - name: "DELETE_ACME_ROUTES"
+ required: false
+ value: "false"
+ - name: "NAMESPACE"
+ required: true
+ value: "6cdc9e-tools"
+ - name: "IMAGE_REGISTRY"
+ description: The base OpenShift docker registry
+ displayName: Docker Image Registry
+ required: true
+ value: image-registry.openshift-image-registry.svc:5000
+ - name: "SOURCE_IMAGE_NAME"
+ required: false
+ value: "certbot"
+ - name: "TAG_NAME"
+ required: false
+ value: "latest"
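Review bot: The comment above `CERTBOT_CRON_SCHEDULE` says every 6 hours (`# https://crontab.guru/every-6-hours`) while the default value `"0 */12 * * *"` fires every 12 hours; make the comment agree with the value, e.g. `# https://crontab.guru/every-12-hours`. The `RoleBinding` grants the `certbot` service account the namespace-wide `edit` role, which is far broader than the ACME routes and services the parameter comments describe the job managing; a dedicated Role scoped to those resource types would keep the reach of a compromised job container small, and if `edit` really is required a comment next to `roleRef` should say why. The container reads `email` and `server` from a Secret named `certbot` via `secretKeyRef`, but the template neither creates that Secret nor lists it as a parameter, so a comment near the first `secretKeyRef` naming it as a prerequisite would save the first deploy from a pod that fails at startup. `batch/v1beta1` for the CronJob and the ungrouped `apiVersion: v1` on the RoleBinding are legacy API versions; recording the targeted OpenShift release in a header comment would flag when they need migrating to `batch/v1` and `rbac.authorization.k8s.io/v1`.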