diff --git a/docs/configuring-playbook-ssl-certificates.md b/docs/configuring-playbook-ssl-certificates.md
index 07e49c5a2..f78fabffd 100644
--- a/docs/configuring-playbook-ssl-certificates.md
+++ b/docs/configuring-playbook-ssl-certificates.md
@@ -100,3 +100,12 @@ For automated certificate renewal to work, each port `80` vhost for each domain
 See how this is configured for the `matrix.` subdomain in `/matrix/nginx-proxy/conf.d/matrix-synapse.conf`
 Don't be alarmed if the above configuration file says port `8080`, instead of port `80`. It's due to port mapping due to our use of containers.
+
+
+## Obtaining SSL certificates with ECDSA private key algorithm
+
+If you'd like to obtain ECDSA keys by Let's Encrypt, define your own custom configuration like this:
+
+```yaml
+matrix_ssl_lets_encrypt_use_ecdsa_keys: true
+```
diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml
index 32702ec93..9e70e912d 100644
--- a/roles/matrix-nginx-proxy/defaults/main.yml
+++ b/roles/matrix-nginx-proxy/defaults/main.yml
@@ -489,6 +489,10 @@ matrix_ssl_lets_encrypt_support_email: ~
 # If you'd like to not bind on all IP addresses, specify one explicitly (e.g. `a.b.c.d:80`)
 matrix_ssl_lets_encrypt_container_standalone_http_host_bind_port: '80'
+# Get SSL certificates with ECDSA private key algorithm.
+# Learn more here: https://eff-certbot.readthedocs.io/en/stable/using.html#using-ecdsa-keys
+matrix_ssl_lets_encrypt_use_ecdsa_keys: false
+
 matrix_ssl_base_path: "{{ matrix_base_data_path }}/ssl"
 matrix_ssl_config_dir_path: "{{ matrix_ssl_base_path }}/config"
 matrix_ssl_log_dir_path: "{{ matrix_ssl_base_path }}/log"
diff --git a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml
index e4dd53c21..7f44eaa0a 100644
--- a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml
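Review bot: The new comment on `matrix_ssl_lets_encrypt_use_ecdsa_keys` should say what the flag does not do: it only changes the key type of certificates obtained after it is enabled, and it only works with a certbot image that understands `--key-type` (introduced in certbot 1.10 as far as I recall; an older image aborts with an unrecognized-argument error, which nothing in this hunk guards against). I'd add `# Only affects certificates obtained or reissued after this is enabled; existing RSA certificates keep their key type.` and `# Requires a certbot image that supports --key-type (certbot 1.10+).` above the `Learn more here` line. A client-compatibility caveat is also worth one sentence, since the playbook appears to issue a single certificate per domain rather than an RSA+ECDSA pair: clients and federating servers without ECDSA support will fail the TLS handshake once this is on.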
+++ b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml
@@ -45,6 +45,7 @@
 --http-01-port 8080
 {% if matrix_ssl_lets_encrypt_server %}--server={{ matrix_ssl_lets_encrypt_server|quote }}{% endif %}
 {% if matrix_ssl_lets_encrypt_staging %}--staging{% endif %}
+ {% if matrix_ssl_lets_encrypt_use_ecdsa_keys %}--key-type ecdsa{% endif %}
 --standalone
 --preferred-challenges http
 --agree-tos
@@ -74,6 +75,7 @@
 --http-01-port 8080
 {% if matrix_ssl_lets_encrypt_server %}--server={{ matrix_ssl_lets_encrypt_server|quote }}{% endif %}
 {% if matrix_ssl_lets_encrypt_staging %}--staging{% endif %}
+ {% if matrix_ssl_lets_encrypt_use_ecdsa_keys %}--key-type ecdsa{% endif %}
 --standalone
 --preferred-challenges http
 --agree-tos
diff --git a/roles/matrix-nginx-proxy/templates/usr-local-bin/matrix-ssl-lets-encrypt-certificates-renew.j2 b/roles/matrix-nginx-proxy/templates/usr-local-bin/matrix-ssl-lets-encrypt-certificates-renew.j2
index bc45e85e9..f8d6c40fa 100644
--- a/roles/matrix-nginx-proxy/templates/usr-local-bin/matrix-ssl-lets-encrypt-certificates-renew.j2
+++ b/roles/matrix-nginx-proxy/templates/usr-local-bin/matrix-ssl-lets-encrypt-certificates-renew.j2
@@ -22,7 +22,10 @@ docker run \
 --work-dir=/tmp \
 --http-01-port 8080 \
 {% if matrix_ssl_lets_encrypt_staging %}
- --staging \
+ --staging \
+ {% endif %}
+ {% if matrix_ssl_lets_encrypt_use_ecdsa_keys %}
+ --key-type ecdsa \
 {% endif %}
 --standalone \
 --preferred-challenges http \
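Review bot: The added `--key-type ecdsa` line is passed to an obtain command whose verb and task wrapper start above the hunk, so an operator who enables the flag on an existing deployment runs it against a lineage that already holds an RSA key, and certbot's handling of a key-type mismatch on an existing lineage is version-dependent: some releases keep the existing key and report the certificate as not due for renewal, others refuse unless `--cert-name` (and `--force-renewal`) are also given. Nothing in the task surfaces either outcome, so the operator believes ECDSA is in use while the RSA certificate continues to be served. I'd document this next to the new line, `# Enabling ECDSA does not convert an already-obtained RSA certificate; reissue it explicitly (certbot ... --cert-name <domain> --force-renewal).`, or have the task compare the algorithm of the existing `privkey.pem` (`openssl pkey -in privkey.pem -noout -text`) against the flag and force a reissue on mismatch. The same line is added in the second hunk of this file and needs the same treatment.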
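Review bot: Passing `--key-type ecdsa` to the bulk renewal is the risky part of this hunk: `certbot renew` applies the flag to every lineage under the config directory, not only to certificates that were obtained as ECDSA, and certbot's treatment of a lineage whose stored key type differs is version-dependent, ranging from refusing the renewal unless `--cert-name` is given to silently reissuing the lineage as ECDSA. A refused renewal is the security-relevant case, because this script runs unattended and the failure only becomes visible when the certificate expires. As far as I recall, certbot 1.10+ records `key_type` in each lineage's renewal config and preserves it on renewal, so the flag is unnecessary here except for a one-time conversion; I'd drop it from this script and document the conversion as an explicit `--cert-name`/`--force-renewal` run, or at least add `# NOTE: applies to ALL lineages; setting the flag back to false does not revert ECDSA lineages to RSA` above the new `{% if %}`. The `docker run` command this flag belongs to starts above the hunk.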