According to the documentation, it is possible to tell certbot to reuse the same private key that already exists in the current certificate. Thus I have been running the following command to renew certificates:

certbot renew
–rsa-key-size 4096
–no-self-upgrade
–dns-route53
–noninteractive
–reuse-key
–post-hook ‘systemctl reload nginx.service’

Nevertheless, the cert.pem is modified after this operation – when diffing it with its version before renewal. I would expect it not to change at all since the private key is being reused.

I need to reuse the same public key in order to avoid pinning issues with IOS, is there a way to actually preserve it?

https://community.letsencrypt.org/t/certbot-reuse-key-flag-does-not-preserve-public-key/101049