diff --git a/certbot/renewal.py b/certbot/renewal.py
index aa39c5fad..206f042f6 100644
--- a/certbot/renewal.py
+++ b/certbot/renewal.py
@@ -33,6 +33,7 @@ STR_CONFIG_ITEMS = ["config_dir", "logs_dir", "work_dir", "user_agent",
                     "server", "account", "authenticator", "installer",
                     "standalone_supported_challenges", "renew_hook"]
 INT_CONFIG_ITEMS = ["rsa_key_size", "tls_sni_01_port", "http01_port"]
+BOOL_CONFIG_ITEMS = ["must_staple"]
 
 
 def renewal_conf_files(config):
@@ -190,6 +191,17 @@ def _restore_required_config_elements(config, renewalparams):
                     raise errors.Error(
                         "Expected a numeric value for {0}".format(config_item))
             setattr(config.namespace, config_item, int_value)
+    # bool-valued items to add if they're present
+    for config_item in BOOL_CONFIG_ITEMS:
+        if config_item in renewalparams and not cli.set_by_cli(config_item):
+            config_value = renewalparams[config_item]
+            if config_value in ("True", "False"):
+                # bool("False") == True
+                # pylint: disable=eval-used
+                setattr(config.namespace, config_item, eval(config_value))
+            else:
+                raise errors.Error(
+                    "Expected 'True' or 'False' for {0}".format(config_item))
 
 
 def should_renew(config, lineage):
diff --git a/certbot/storage.py b/certbot/storage.py
index 1fc13a5df..f90276260 100644
--- a/certbot/storage.py
+++ b/certbot/storage.py
@@ -154,6 +154,7 @@ def _relevant(option):
     plugins = list(plugins_disco.PluginsRegistry.find_all())
     return (option in renewal.STR_CONFIG_ITEMS
             or option in renewal.INT_CONFIG_ITEMS
+            or option in renewal.BOOL_CONFIG_ITEMS
             or any(option.startswith(x + "_") for x in plugins))
 
 
diff --git a/certbot/tests/cli_test.py b/certbot/tests/cli_test.py
index 54ae74f95..96e862404 100644
--- a/certbot/tests/cli_test.py
+++ b/certbot/tests/cli_test.py
@@ -735,6 +735,11 @@ class CLITest(unittest.TestCase):  # pylint: disable=too-many-public-methods
         args = ["renew", "--dry-run", "-tvv"]
         self._test_renewal_common(True, [], args=args, should_renew=True)
 
+    def test_must_staple_renew(self):
+        self._make_lineage('sample-renewal.conf')
+        args = ["renew", "--must-staple"]
+        self._test_renewal_common(True, [], args=args, should_renew=True)
+
     def test_quiet_renew(self):
         self._make_lineage('sample-renewal.conf')
         args = ["renew", "--dry-run"]
diff --git a/certbot/tests/testdata/sample-renewal.conf b/certbot/tests/testdata/sample-renewal.conf
index 08032af86..52b3ec45c 100644
--- a/certbot/tests/testdata/sample-renewal.conf
+++ b/certbot/tests/testdata/sample-renewal.conf
@@ -73,4 +73,5 @@ tls_sni_01_port = 443
 logs_dir = /var/log/letsencrypt
 apache_vhost_root = /etc/apache2/sites-available
 configurator = None
+must_staple = True
 [[webroot_map]]