From f18117c839df90daaf7966381532933617cd2ece Mon Sep 17 00:00:00 2001
From: Brad Warren
Date: Thu, 27 Aug 2020 11:01:21 -0700
Subject: [PATCH] fix it
---
 certbot/certbot/_internal/renewal.py | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/certbot/certbot/_internal/renewal.py b/certbot/certbot/_internal/renewal.py
index c8402b018..ba7aa7675 100644
--- a/certbot/certbot/_internal/renewal.py
+++ b/certbot/certbot/_internal/renewal.py
@@ -316,7 +316,14 @@ def renew_cert(config, domains, le_client, lineage):
 domains = lineage.names()
 # The private key is the existing lineage private key if reuse_key is set.
 # Otherwise, generate a fresh private key by passing None.
- new_key = os.path.normpath(lineage.privkey) if config.reuse_key else None
+ if config.reuse_key:
+ new_key = os.path.normpath(lineage.privkey)
+ # Rather than doing this, I think we probably want to actually inspect
+ # the key since https://github.com/certbot/certbot/issues/7694 shows
+ # that the current value may not be reliable.
+ config.rsa_key_size = renewal_params.get("rsa_key_size", cli.flag_default("rsa_key_size"))
+ else:
+ new_key = None
 new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
 if config.dry_run:
 logger.debug("Dry run: skipping updating lineage at %s",
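Review bot: The new `config.rsa_key_size = renewal_params.get(...)` line in the `reuse_key` branch takes the key size from the lineage's recorded parameters rather than from the key being reused, and the comment above it already says that record may not be reliable, so an operator can end up with a reused key whose real size differs from what the configuration reports. It also silently replaces any `rsa_key_size` supplied for this run; a line such as `logger.debug("reuse_key is set; using recorded rsa_key_size %s", config.rsa_key_size)` after the assignment would make that visible. The first-person comment would read better as `# TODO: derive the size from the key file itself; the recorded value may be stale (see issue 7694).`. `renewal_params` is not defined in the visible lines and presumably comes from earlier in `renew_cert`, whose body starts and ends outside the hunk; if its values are read back as strings, the assignment should go through `int(...)`.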