diff --git a/pkg/controller/certmanager/deployment_overrides_validation.go b/pkg/controller/certmanager/deployment_overrides_validation.go
index 874967385..78b42a8be 100644
--- a/pkg/controller/certmanager/deployment_overrides_validation.go
+++ b/pkg/controller/certmanager/deployment_overrides_validation.go
@@ -2,6 +2,7 @@ package certmanager
 import (
 "fmt"
+ "strings"
 "unsafe"
 appsv1 "k8s.io/api/apps/v1"
@@ -78,7 +79,7 @@ func withContainerArgsValidateHook(certmanagerinformer certmanagerinformer.CertM
 validateArgs := func(argMap map[string]string, supportedArgs []string) error {
 for k, v := range argMap {
 if !slices.Contains(supportedArgs, k) {
- return fmt.Errorf("validation failed due to unsupported arg %q=%q", k, v)
+ return fmt.Errorf("validation failed due to unsupported arg %q=%q; supported args are: %s", k, v, strings.Join(supportedArgs, ", "))
 }
 }
 return nil
@@ -127,7 +128,7 @@ func withContainerEnvValidateHook(certmanagerinformer certmanagerinformer.CertMa
 validateEnv := func(argMap map[string]corev1.EnvVar, supportedEnv []string) error {
 for k, v := range argMap {
 if !slices.Contains(supportedEnv, k) {
- return fmt.Errorf("validation failed due to unsupported arg %q=%q", k, v)
+ return fmt.Errorf("validation failed due to unsupported env var %q=%q; supported env vars are: %s", k, v, strings.Join(supportedEnv, ", "))
 }
 }
 return nil
@@ -176,7 +177,7 @@ func withPodLabelsValidateHook(certmanagerinformer certmanagerinformer.CertManag
 validateLabels := func(labels map[string]string, supportedLabelKeys []string) error {
 for k, v := range labels {
 if !slices.Contains(supportedLabelKeys, k) {
- return fmt.Errorf("validation failed due to unsupported label %q=%q", k, v)
+ return fmt.Errorf("validation failed due to unsupported label %q=%q; supported labels are: %s", k, v, strings.Join(supportedLabelKeys, ", "))
 }
 }
 return nil
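Review bot: The loop in `validateArgs` still returns at the first unsupported key it meets, and because `argMap` is a map, the key it reports can differ from run to run when an override carries more than one bad flag. A user fixes one entry, reapplies, and is then shown the next. The same shape is kept in `validateEnv` and `validateLabels` in the two hunks that follow. Now that the message lists the supported set, collecting every rejected entry, sorting, and reporting once would make the error complete and stable; the wording below leaves the single-entry message unchanged. The closure's closing brace is outside the hunk.

```go
validateArgs := func(argMap map[string]string, supportedArgs []string) error {
	// Gather every rejected entry so the error is complete and stable across runs.
	var unsupported []string
	for k, v := range argMap {
		if !slices.Contains(supportedArgs, k) {
			unsupported = append(unsupported, fmt.Sprintf("%q=%q", k, v))
		}
	}
	if len(unsupported) == 0 {
		return nil
	}
	slices.Sort(unsupported)
	return fmt.Errorf("validation failed due to unsupported arg %s; supported args are: %s",
		strings.Join(unsupported, ", "), strings.Join(supportedArgs, ", "))
```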
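Review bot: `validateEnv` formats `v` with `%q`, but `v` is a `corev1.EnvVar` struct rather than a string, so the verb is applied field by field and pointer fields such as `ValueFrom` come out as a bad-verb marker instead of readable text. The line also copies the rejected variable's value into an error that presumably ends up in operator logs or status, and env values are a common place for credentials or proxy URLs with embedded passwords. Reporting the key alone avoids both problems: `return fmt.Errorf("validation failed due to unsupported env var %q; supported env vars are: %s", k, strings.Join(supportedEnv, ", "))`. The parameter is still named `argMap` in this closure; `envMap` would match what it holds.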
@@ -254,12 +255,12 @@ func validateResources(resources v1alpha1.CertManagerResourceRequirements, suppo
 errs := []error{}
 for k, v := range resources.Limits {
 if !slices.Contains(supportedResourceNames, string(k)) {
- errs = append(errs, fmt.Errorf("validation failed due to unsupported resource limits %q=%s", k, v.String()))
+ errs = append(errs, fmt.Errorf("validation failed due to unsupported resource limits %q=%s; supported resources are: %s", k, v.String(), strings.Join(supportedResourceNames, ", ")))
 }
 }
 for k, v := range resources.Requests {
 if !slices.Contains(supportedResourceNames, string(k)) {
- errs = append(errs, fmt.Errorf("validation failed due to unsupported resource requests %q=%s", k, v.String()))
+ errs = append(errs, fmt.Errorf("validation failed due to unsupported resource requests %q=%s; supported resources are: %s", k, v.String(), strings.Join(supportedResourceNames, ", ")))
 }
 }
 return utilerrors.NewAggregate(errs)
diff --git a/pkg/controller/certmanager/deployment_overrides_validation_test.go b/pkg/controller/certmanager/deployment_overrides_validation_test.go
index e72dc4b43..daf041908 100644
--- a/pkg/controller/certmanager/deployment_overrides_validation_test.go
+++ b/pkg/controller/certmanager/deployment_overrides_validation_test.go
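Review bot: In `validateResources` the supported list is appended to every element of `errs`, so an override with several unsupported limits and requests produces an aggregate that repeats the same list once per entry. Keeping the per-entry messages as they were and adding the list once just before the return would read better, e.g. `if len(errs) > 0 { errs = append(errs, fmt.Errorf("supported resources are: %s", strings.Join(supportedResourceNames, ", "))) }`. The signature is truncated in the hunk header and the function's closing brace is outside the hunk.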
@@ -309,7 +309,7 @@ func TestWithContainerArgsValidateHook(t *testing.T) {
 },
 },
 deploymentName: certmanagerControllerDeployment,
- wantErrMsg: `validation failed due to unsupported arg "--totally-unknown-flag"="value"`,
+ wantErrMsg: `validation failed due to unsupported arg "--totally-unknown-flag"="value"; supported args are: --acme-http01-solver-nameservers, --acme-http01-solver-resource-limits-cpu, --acme-http01-solver-resource-limits-memory, --acme-http01-solver-resource-request-cpu, --acme-http01-solver-resource-request-memory, --dns01-recursive-nameservers, --dns01-recursive-nameservers-only, --v, -V, --metrics-listen-address, --issuer-ambient-credentials, --enable-certificate-owner-ref, --certificate-request-minimum-backoff-duration`,
 },
 {
 name: "controller validates only controllerConfig webhook override args ignored",
@@ -369,7 +369,7 @@ func TestWithContainerArgsValidateHook(t *testing.T) {
 },
 },
 deploymentName: certmanagerWebhookDeployment,
- wantErrMsg: `validation failed due to unsupported arg "--metrics-listen-address"="0.0.0.0:9402"`,
+ wantErrMsg: `validation failed due to unsupported arg "--metrics-listen-address"="0.0.0.0:9402"; supported args are: --v, -V`,
 },
 {
 name: "webhook rejects certificate-request-minimum-backoff-duration",
@@ -382,7 +382,7 @@ func TestWithContainerArgsValidateHook(t *testing.T) {
 },
 },
 deploymentName: certmanagerWebhookDeployment,
- wantErrMsg: `validation failed due to unsupported arg "--certificate-request-minimum-backoff-duration"="1m"`,
+ wantErrMsg: `validation failed due to unsupported arg "--certificate-request-minimum-backoff-duration"="1m"; supported args are: --v, -V`,
 },
 {
 name: "nil webhook config skips validation",
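Review bot: Each updated `wantErrMsg` in `TestWithContainerArgsValidateHook` now spells out the whole supported-args list in order: thirteen flags for the controller case, and `--v, -V` for the webhook cases here and the cainjector case in the `@@ -430` hunk. Adding or reordering a supported flag will therefore break cases that are testing something else. Assuming the comparison is on the full string, it would be more robust to build the suffix with `strings.Join` from the same slice the hook validates against, or to assert the `unsupported arg ...` prefix and the presence of `supported args are:` separately. The table entries begin and end outside these hunks.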
@@ -430,7 +430,7 @@ func TestWithContainerArgsValidateHook(t *testing.T) {
 },
 },
 deploymentName: certmanagerCAinjectorDeployment,
- wantErrMsg: `validation failed due to unsupported arg "--dns01-recursive-nameservers"="8.8.8.8:53"`,
+ wantErrMsg: `validation failed due to unsupported arg "--dns01-recursive-nameservers"="8.8.8.8:53"; supported args are: --v, -V`,
 },
 {
 name: "nil cainjector config skips validation",