diff --git a/tests/boulder-integration.sh b/tests/boulder-integration.sh
index b6c76ee22..8b6dc5f1b 100755
--- a/tests/boulder-integration.sh
+++ b/tests/boulder-integration.sh
@@ -51,14 +51,45 @@ common --domains le3.wtf install \
        --cert-path "${root}/csr/cert.pem" \
        --key-path "${root}/csr/key.pem"
 
+echo round 1
+
+CheckCertCount() {
+    CERTCOUNT=`ls "${root}/conf/archive/le.wtf/"* | wc -l`
+    if [ "$CERTCOUNT" -ne "$1" ] ; then
+        echo Wrong cert count, not "$1" `ls "${root}/conf/archive/le.wtf/"*`
+        exit 1
+    fi
+}
+
+CheckCertCount 4
 # This won't renew (because it's not time yet)
-letsencrypt_test_no_force_renew --authenticator standalone --installer null renew
+letsencrypt_test_no_force_renew --authenticator standalone --installer null renew -tvv
+CheckCertCount 4
+
+echo round 2
 
 # This will renew because the expiry is less than 10 years from now
-sed -i "4arenew_before_expiry = 10 years" "$root/conf/renewal/le1.wtf.conf"
-letsencrypt_test_no_force_renew --authenticator standalone --installer null renew
+sed -i "4arenew_before_expiry = 10 years" "$root/conf/renewal/le.wtf.conf"
+letsencrypt_test_no_force_renew --authenticator standalone --installer null renew # --renew-by-default
+CheckCertCount 8
+
+echo round 3
+
+# Check Param setting in renewal...
+letsencrypt_test_no_force_renew --authenticator standalone --installer null renew --renew-by-default 
+CheckCertCount 12
+echo round 4
+
+# The 4096 bit setting should persist to the first renewal, but be overriden in the second
+size2=`wc -c ${root}/conf/archive/le.wtf/privkey2.pem | cut -d" " -f1`
+size3=`wc -c ${root}/conf/archive/le.wtf/privkey3.pem | cut -d" " -f1`
+#if ! [ "$size3" -lt "$size2" ] ; then
+#    echo "key size failure:"
+#    ls -l ${root}/conf/archive/le.wtf/
+#    exit 1
+#fi
+
 
-ls "$root/conf/archive/le1.wtf"
 # dir="$root/conf/archive/le1.wtf"
 # for x in cert chain fullchain privkey;
 # do