diff --git a/core/nginx/letsencrypt.py b/core/nginx/letsencrypt.py
index e636dac9..562b0895 100755
--- a/core/nginx/letsencrypt.py
+++ b/core/nginx/letsencrypt.py
@@ -36,6 +36,12 @@ command2 = [
 "--post-hook", "/config.py"
 ]
+# if dane is used we recommend pinning to the key, so it should not change
+# ('true','yes') to be consistent with the logic in configuration.py
+if os.environ.get("TLS_REUSE_KEY", "false").lower() in ('true','yes'):
+ command.append("--reuse-key")
+ command2.append("--reuse-key")
+
 # Wait for nginx to start
 time.sleep(5)
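Review bot: The comment above the new `TLS_REUSE_KEY` check gives the DANE rationale but not the trade-off: with `--reuse-key` every renewal keeps the same private key, so a leaked key stays usable across renewals until someone replaces it by hand and updates the TLSA records. I would add a line such as `# NOTE: with --reuse-key renewals no longer rotate the private key; after a suspected key compromise, issue a new key manually and update the TLSA records.` The second comment line (`('true','yes') to be consistent with ...`) reads as a fragment, and the accepted values are duplicated from configuration.py rather than shared, so settings like `1` or `on` are silently treated as false here. Whether unsetting the variable later restores key rotation is not visible in this hunk; certbot records the option in the certificate's renewal configuration, so that is worth confirming and documenting.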