diff --git a/acme/acme.sh b/acme/acme.sh
index 3805567..faddab2 100755
--- a/acme/acme.sh
+++ b/acme/acme.sh
@@ -17,7 +17,7 @@ acme() {
     cat /conf/account.conf >/acme.sh/account.conf
     /root/.acme.sh/acme.sh --upgrade
     /root/.acme.sh/acme.sh --register-account -m your@domain.com --server zerossl
-    /root/.acme.sh/acme.sh --issue $* --dns ${DNSAPI} -d ${DOMAIN} -d \*.${DOMAIN}
+    /root/.acme.sh/acme.sh --issue $* --keylength 2048 --dns ${DNSAPI} -d ${DOMAIN} -d \*.${DOMAIN}
     rm -rf /acme.sh/ca
     rm -rf /acme.sh/http.header
     if [ -f /acme.sh/${DOMAIN}/fullchain.cer ] && [ -f /acme.sh/${DOMAIN}/${DOMAIN}.key ]; then
diff --git a/install.sh b/install.sh
index 5c65e91..356d376 100644
--- a/install.sh
+++ b/install.sh
@@ -338,11 +338,11 @@ EOF
     echo -e "${Green}开始申请证书${Font}"
     if [ $AGENCY == "zerossl" ]; then
     docker exec ${TEMP} --register-account -m your@domain.com --server zerossl
-    docker exec ${TEMP} --issue --server letsencrypt $* --dns ${DNSAPI} -d ${DOMAIN} -d \*.${DOMAIN}
+    docker exec ${TEMP} --issue --keylength 2048 --server letsencrypt $* --dns ${DNSAPI} -d ${DOMAIN} -d \*.${DOMAIN}
     fi
 
     if [ $AGENCY == "letsencrypt" ]; then
-    docker exec ${TEMP} --issue --server letsencrypt $* --dns ${DNSAPI} -d ${DOMAIN} -d \*.${DOMAIN}
+    docker exec ${TEMP} --issue --keylength 2048 --server letsencrypt $* --dns ${DNSAPI} -d ${DOMAIN} -d \*.${DOMAIN}
     fi
 
     # clean