diff --git a/Directory.Build.props b/Directory.Build.props
index f488c945..0d1e45ec 100644
--- a/Directory.Build.props
+++ b/Directory.Build.props
@@ -34,7 +34,7 @@
   </PropertyGroup>
 
   <PropertyGroup>
-    <VersionPrefix>1.3.2</VersionPrefix>
+    <VersionPrefix>1.3.3</VersionPrefix>
     <VersionSuffix>beta</VersionSuffix>
     <IncludePreReleaseLabelInPackageVersion Condition="'$(IS_STABLE_BUILD)' != 'true'">true</IncludePreReleaseLabelInPackageVersion>
     <BuildNumber Condition=" '$(BuildNumber)' == '' ">$([MSBuild]::ValueOrDefault($(BUILD_NUMBER), 0))</BuildNumber>
diff --git a/src/LettuceEncrypt/Internal/AcmeCertificateFactory.cs b/src/LettuceEncrypt/Internal/AcmeCertificateFactory.cs
index a0211420..a7543965 100644
--- a/src/LettuceEncrypt/Internal/AcmeCertificateFactory.cs
+++ b/src/LettuceEncrypt/Internal/AcmeCertificateFactory.cs
@@ -298,7 +298,8 @@ public async Task<X509Certificate2> CreateCertificateAsync(CancellationToken can
         {
             CommonName = commonName,
         };
-        var privateKey = KeyFactory.NewKey((Certes.KeyAlgorithm)_options.Value.KeyAlgorithm);
+        var privateKeyAlgorithm = (Certes.KeyAlgorithm)_options.Value.KeyAlgorithm;
+        var privateKey = KeyFactory.NewKey(privateKeyAlgorithm, _options.Value.KeySize);
         var acmeCert = await _client.GetCertificateAsync(csrInfo, privateKey, order);
 
         _logger.LogAcmeAction("NewCertificate");
diff --git a/src/LettuceEncrypt/LettuceEncryptOptions.cs b/src/LettuceEncrypt/LettuceEncryptOptions.cs
index 614b3a02..cc9620ad 100644
--- a/src/LettuceEncrypt/LettuceEncryptOptions.cs
+++ b/src/LettuceEncrypt/LettuceEncryptOptions.cs
@@ -88,6 +88,11 @@ public bool UseStagingServer
     /// </summary>
     public KeyAlgorithm KeyAlgorithm { get; set; } = KeyAlgorithm.ES256;
 
+    /// <summary>
+    /// The key size used for generating a private key for certificates
+    /// </summary>
+    public int? KeySize { get; set; }
+
     /// <summary>
     /// Specifies which kinds of ACME challenges LettuceEncrypt can use to verify domain ownership.
     /// Defaults to <see cref="ChallengeType.Any"/>.
diff --git a/src/LettuceEncrypt/PublicAPI.Shipped.txt b/src/LettuceEncrypt/PublicAPI.Shipped.txt
index b0817e10..6b4b2195 100644
--- a/src/LettuceEncrypt/PublicAPI.Shipped.txt
+++ b/src/LettuceEncrypt/PublicAPI.Shipped.txt
@@ -62,6 +62,8 @@ LettuceEncrypt.LettuceEncryptOptions.FallbackCertificate.get -> System.Security.
 LettuceEncrypt.LettuceEncryptOptions.FallbackCertificate.set -> void
 LettuceEncrypt.LettuceEncryptOptions.KeyAlgorithm.get -> LettuceEncrypt.KeyAlgorithm
 LettuceEncrypt.LettuceEncryptOptions.KeyAlgorithm.set -> void
+LettuceEncrypt.LettuceEncryptOptions.KeySize.get -> int?
+LettuceEncrypt.LettuceEncryptOptions.KeySize.set -> void
 LettuceEncrypt.LettuceEncryptOptions.LettuceEncryptOptions() -> void
 LettuceEncrypt.LettuceEncryptOptions.RenewalCheckPeriod.get -> System.TimeSpan?
 LettuceEncrypt.LettuceEncryptOptions.RenewalCheckPeriod.set -> void