diff --git a/backend/internal/certificate.js b/backend/internal/certificate.js
index 55e74c3e7..35ae29516 100644
--- a/backend/internal/certificate.js
+++ b/backend/internal/certificate.js
@@ -857,6 +857,13 @@ const internalCertificate = {
 			certificate.domain_names.join(','),
 		];
 
+		if (process.env.CERT_KEY_TYPE) {
+			args.push('--key-type', process.env.CERT_KEY_TYPE);
+		}
+		if (process.env.CERT_ELLIPTIC_CURVE) {
+			args.push('--elliptic-curve', process.env.CERT_ELLIPTIC_CURVE);
+		}
+
 		const adds = internalCertificate.getAdditionalCertbotArgs(certificate.id);
 		args.push(...adds.args);
 
@@ -907,6 +914,13 @@ const internalCertificate = {
 			dnsPlugin.full_plugin_name,
 		];
 
+		if (process.env.CERT_KEY_TYPE) {
+			args.push('--key-type', process.env.CERT_KEY_TYPE);
+		}
+		if (process.env.CERT_ELLIPTIC_CURVE) {
+			args.push('--elliptic-curve', process.env.CERT_ELLIPTIC_CURVE);
+		}
+
 		if (hasConfigArg) {
 			args.push(`--${dnsPlugin.full_plugin_name}-credentials`, credentialsLocation);
 		}
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 0603e2ded..58782d6df 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -23,7 +23,9 @@ ENV SUPPRESS_NO_CONFIG_WARNING=1 \
 	NPM_BUILD_VERSION="${BUILD_VERSION}" \
 	NPM_BUILD_COMMIT="${BUILD_COMMIT}" \
 	NPM_BUILD_DATE="${BUILD_DATE}" \
-	NODE_OPTIONS="--openssl-legacy-provider"
+	NODE_OPTIONS="--openssl-legacy-provider" \
+	CERT_KEY_TYPE="" \
+	CERT_ELLIPTIC_CURVE=""
 
 RUN echo "fs.file-max = 65535" > /etc/sysctl.conf \
 	&& apt-get update \