diff --git a/duckdns/CHANGELOG.md b/duckdns/CHANGELOG.md
index d0d2b26..a49d8d6 100644
--- a/duckdns/CHANGELOG.md
+++ b/duckdns/CHANGELOG.md
@@ -1,5 +1,9 @@
 # Changelog
 
+## 1.14.0
+
+- Add option to specify algorithm used for SSL certificates
+
 ## 1.13.0
 
 - Update base to 3.14
diff --git a/duckdns/DOCS.md b/duckdns/DOCS.md
index 3f22e38..e2ae592 100644
--- a/duckdns/DOCS.md
+++ b/duckdns/DOCS.md
@@ -62,6 +62,15 @@ The name of the private key file generated by Let's Encrypt. The private key fil
 
 **Note**: _The file is stored in `/ssl/`, which is the default for Home Assistant_
 
+#### Option `lets_encrypt.algo` (optional)
+
+Public key algorithm that will be used.
+
+Supported values: `rsa`, `prime256v1` and `secp384r1`. 
+
+The default is `secp384r1`
+
+
 ### Option: `ipv4` (optional)
 
 By default, Duck DNS will auto detect your IPv4 address and use that.
diff --git a/duckdns/config.json b/duckdns/config.json
index d96bb48..4602c82 100644
--- a/duckdns/config.json
+++ b/duckdns/config.json
@@ -1,6 +1,6 @@
 {
   "name": "Duck DNS",
-  "version": "1.13.0",
+  "version": "1.14.0",
   "slug": "duckdns",
   "description": "Free Dynamic DNS (DynDNS or DDNS) service with Let's Encrypt support",
   "url": "https://github.com/home-assistant/hassio-addons/tree/master/duckdns",
@@ -11,7 +11,8 @@
     "lets_encrypt": {
       "accept_terms": false,
       "certfile": "fullchain.pem",
-      "keyfile": "privkey.pem"
+      "keyfile": "privkey.pem",
+      "algo": "secp384r1"
     },
     "token": null,
     "domains": [null],
@@ -22,7 +23,8 @@
     "lets_encrypt": {
       "accept_terms": "bool",
       "certfile": "str",
-      "keyfile": "str"
+      "keyfile": "str",
+      "algo": "list(rsa|prime256v1|secp384r1)"
     },
     "ipv4": "str?",
     "ipv6": "str?",
diff --git a/duckdns/data/run.sh b/duckdns/data/run.sh
index 969a1b7..7836958 100755
--- a/duckdns/data/run.sh
+++ b/duckdns/data/run.sh
@@ -12,6 +12,7 @@ if bashio::config.has_value "ipv6"; then IPV6=$(bashio::config 'ipv6'); else IPV
 TOKEN=$(bashio::config 'token')
 DOMAINS=$(bashio::config 'domains | join(",")')
 WAIT_TIME=$(bashio::config 'seconds')
+ALGO=$(bashio::config 'lets_encrypt.algo')
 
 # Function that performe a renew
 function le_renew() {
@@ -36,7 +37,7 @@ function le_renew() {
         domain_args+=("--domain" "${domain}")
     done
 
-    dehydrated --cron --hook ./hooks.sh --challenge dns-01 "${domain_args[@]}" --out "${CERT_DIR}" --config "${WORK_DIR}/config" || true
+    dehydrated --cron --algo "${ALGO}" --hook ./hooks.sh --challenge dns-01 "${domain_args[@]}" --out "${CERT_DIR}" --config "${WORK_DIR}/config" || true
     LE_UPDATE="$(date +%s)"
 }
 
@@ -72,11 +73,11 @@ while true; do
     else
         bashio::log.warning "${answer}"
     fi
-    
+
     now="$(date +%s)"
     if bashio::config.true 'lets_encrypt.accept_terms' && [ $((now - LE_UPDATE)) -ge 43200 ]; then
         le_renew
     fi
-    
+
     sleep "${WAIT_TIME}"
 done