diff --git a/certbot-ci/certbot_integration_tests/certbot_tests/test_main.py b/certbot-ci/certbot_integration_tests/certbot_tests/test_main.py
index f00cbd0c9..748b7699e 100644
--- a/certbot-ci/certbot_integration_tests/certbot_tests/test_main.py
+++ b/certbot-ci/certbot_integration_tests/certbot_tests/test_main.py
@@ -396,8 +396,35 @@ def test_reuse_key(context):
 cert3 = file.read()
 assert len({cert1, cert2, cert3}) == 3
-
-
+
+
+def test_ecdsa(context):
+ """Test certificate issuance with ECDSA key."""
+ key_path = join(context.workspace, 'privkey-p384.pem')
+ csr_path = join(context.workspace, 'csr-p384.der')
+ cert_path = join(context.workspace, 'cert-p384.pem')
+ chain_path = join(context.workspace, 'chain-p384.pem')
+
+ misc.generate_csr([context.get_domain('ecdsa')], key_path, csr_path, key_type=misc.ECDSA_KEY_TYPE)
+ context.certbot(['auth', '--csr', csr_path, '--cert-path', cert_path, '--chain-path', chain_path])
+
+ certificate = misc.read_certificate(cert_path)
+ assert 'ASN1 OID: secp384r1' in certificate
+
+
+def test_ocsp_must_staple(context):
+ """Test that OCSP Must-Staple is correctly set in the generated certificate."""
+ if context.acme_server == 'pebble':
+ pytest.skip('Pebble does not support OCSP Must-Staple.')
+
+ certname = context.get_domain('must-staple')
+ context.certbot(['auth', '--must-staple', '--domains', certname])
+
+ certificate = misc.read_certificate(join(context.config_dir,
+ 'live/{0}/cert.pem').format(certname))
+ assert 'status_request' in certificate or '1.3.6.1.5.5.7.1.24' in certificate
+
+
 def test_revoke_simple(context):
 """Test various scenarios that revokes a certificate."""
 # Default action after revoke is to delete the certificate.
diff --git a/tox.ini b/tox.ini
index a396c3227..03a965544 100644
--- a/tox.ini
+++ b/tox.ini
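Review bot: In `test_ocsp_must_staple`, the second half of the assertion, `'1.3.6.1.5.5.7.1.24' in certificate`, only shows that a TLS Feature extension is present in the text returned by `misc.read_certificate`; it does not show that the extension lists status_request, so a certificate carrying the extension with a different feature value would still pass. If the OID branch exists for tools that print the extension unnamed (an assumption; `read_certificate` is outside this diff), say so above the assert, e.g. `# Fallback for tooling that prints TLS Feature by OID only; this branch does not check the feature value.` A stricter check would decode the extension and compare the feature list instead of matching substrings of a text dump. The test is also skipped when `context.acme_server == 'pebble'`, so this assertion presumably gets exercised only in runs against another ACME server.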
@@ -259,6 +259,6 @@ commands = --cov=acme --cov=certbot --cov=certbot_nginx --cov-report= \ --cov-config={toxinidir}/certbot-ci/certbot_integration_tests/.coveragerc \ -W 'ignore:Unverified HTTPS request' - coverage report --include 'certbot/*' --show-missing --fail-under=56 + coverage report --include 'certbot/*' --show-missing --fail-under=64 passenv = DOCKER_*