diff --git a/src/openssl.js b/src/openssl.js
index 71fe1b4a9..63eb866e9 100644
--- a/src/openssl.js
+++ b/src/openssl.js
@@ -31,8 +31,7 @@ async function generateKey(certName, type) {
 if (type === 'rsa4096') {
 return await shell.spawn('openssl', ['genrsa', '4096'], { encoding: 'utf8' });
- } else if (type === 'secp384r1') {
- // secp384r1 is same as prime256v1. openssl ecparam -list_curves. we used to use secp384r1 but it doesn't seem to be accepted by few mail servers
+ } else if (type === 'secp256r1') {
 return await shell.spawn('openssl', ['ecparam', '-genkey', '-name', type], { encoding: 'utf8' });
 }
 }
diff --git a/src/reverseproxy.js b/src/reverseproxy.js
index 38ab45d12..94383d0f0 100644
--- a/src/reverseproxy.js
+++ b/src/reverseproxy.js
@@ -300,12 +300,10 @@ async function getKey(certName) {
 assert.strictEqual(typeof certName, 'string');
 const key = await blobs.getString(`${blobs.CERT_PREFIX}-${certName}.key`);
- if (key) {
- debug(`ensureKey: reuse existing key for ${certName}`);
- return key;
- }
+ if (key) return key;
 debug(`ensureKey: generating new key for ${certName}`);
+ // secp384r1 is same as prime256v1. openssl ecparam -list_curves. we used to use secp384r1 but it doesn't seem to be accepted by few mail servers
 return await openssl.generateKey('secp256r1');
 };
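Review bot: In src/openssl.js, the `if`/`else if` chain in generateKey has no final branch, so as far as the hunk shows any `type` other than 'rsa4096' or 'secp256r1' falls through and the function resolves to `undefined` instead of key material. After this rename that includes any caller or stored setting still passing 'secp384r1', which matched before. Ending the chain with `throw new Error('unsupported key type: ' + type);` would make an unknown type fail at the call instead of later, when the missing key is used for a certificate. The function body starts above the hunk, so an earlier assertion may already restrict `type`.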
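Review bot: In src/reverseproxy.js, `openssl.generateKey('secp256r1')` passes one argument, while the hunk header in src/openssl.js shows the signature `generateKey(certName, type)`; with that signature 'secp256r1' binds to `certName`, `type` is undefined, and neither branch returns a key. The call is an unchanged context line, but this commit touches both ends and leaves the mismatch; `return await openssl.generateKey(certName, 'secp256r1');` would line it up, assuming the signature is as shown. Separately, the comment moved into this hunk says secp384r1 is the same as prime256v1, whereas it is secp256r1 that OpenSSL lists as prime256v1, so I would reword it to `// secp256r1 is listed as prime256v1 by openssl ecparam -list_curves. we used to use secp384r1 but some mail servers did not accept it`. The enclosing function begins above the hunk.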