diff --git a/cert/io.go b/cert/io.go
index a57bf09..5319566 100644
--- a/cert/io.go
+++ b/cert/io.go
@@ -86,14 +86,16 @@ func WriteKey(keyPath string, data []byte) error {
 
 // LoadOrGenerateKeyFile looks for a key in the file at the given path. If it
 // can't find one, it will generate a new key and store it there.
-func LoadOrGenerateKeyFile(keyPath string) (data []byte, wasGenerated bool, err error) {
-	loadedData, err := ioutil.ReadFile(keyPath)
-	// Call verifyKeyData to ensure the file wasn't empty/corrupt.
-	if err == nil && verifyKeyData(loadedData) {
-		return loadedData, false, err
-	}
-	if !os.IsNotExist(err) {
-		return nil, false, fmt.Errorf("error loading key from %s: %v", keyPath, err)
+func LoadOrGenerateKeyFile(keyPath string, force bool) (data []byte, wasGenerated bool, err error) {
+	if !force {
+		loadedData, err := ioutil.ReadFile(keyPath)
+		// Call verifyKeyData to ensure the file wasn't empty/corrupt.
+		if err == nil && verifyKeyData(loadedData) {
+			return loadedData, false, err
+		}
+		if !os.IsNotExist(err) {
+			return nil, false, fmt.Errorf("error loading key from %s: %v", keyPath, err)
+		}
 	}
 
 	generatedData, err := MakeEllipticPrivateKeyPEM()