diff --git a/stapler/cert_manager.py b/stapler/cert_manager.py
index f553df6..fc23bb4 100644
--- a/stapler/cert_manager.py
+++ b/stapler/cert_manager.py
@@ -106,7 +106,7 @@ class CertManager:
                     "req",
                     "-new",
                     "-newkey",
-                    "rsa:4096",
+                    "rsa:2048",
                     "-days",
                     str(self.SELF_SIGNED_DAYS),
                     "-nodes",
@@ -192,7 +192,7 @@ class CertManager:
         _: ssl.SSLSocket,
         /,
     ) -> None | int:
-        if host is None or not valid_host(host):
+        if host is None or is_valid_host(host):
             return None
         self.logger.debug("servername callback: %s", host)
         if not self.exists(host) and not self.create_or_update(host):