diff --git a/cmd/spire-agent/cli/run/run.go b/cmd/spire-agent/cli/run/run.go
index de5ebb8ac9..7c66301f65 100644
--- a/cmd/spire-agent/cli/run/run.go
+++ b/cmd/spire-agent/cli/run/run.go
@@ -104,9 +104,6 @@ type agentConfig struct {
 	Experimental experimentalConfig `hcl:"experimental"`
 	UnusedKeyPositions map[string][]token.Pos `hcl:",unusedKeyPositions"`
-
-	// Deprecated configurables
-	DisableReattestToRenew bool `hcl:"disable_reattest_to_renew"`
 }
 type sdsConfig struct {
@@ -606,11 +603,6 @@ func NewAgentConfig(c *Config, logOptions []log.Option, allowUnknownConfig bool)
 		logger.Warnf("Developer feature flag %q has been enabled", f)
 	}
-	ac.DisableReattestToRenew = c.Agent.DisableReattestToRenew
-	if c.Agent.DisableReattestToRenew {
-		logger.Warn("Disable reattest to renew flag will be removed in the next major release")
-	}
-
 	return ac, nil
 }
diff --git a/conf/agent/agent_full.conf b/conf/agent/agent_full.conf
index fa7b1daa64..fb353ae2bd 100644
--- a/conf/agent/agent_full.conf
+++ b/conf/agent/agent_full.conf
@@ -77,9 +77,6 @@ agent {
 	#     "spiffe://example.org/authorized_client1",
 	# ]
-	# disable_reattest_to_renew: Allow agent to renew certificate when it expires rather than reattest
-	disable_reattest_to_renew = false
-
 	# sds: Optional SDS configuration section.
 	# sds = {
 	#     # default_svid_name: The TLS Certificate resource name to use for the default
diff --git a/doc/spire_agent.md b/doc/spire_agent.md
index 5acf333c43..de5054d607 100644
--- a/doc/spire_agent.md
+++ b/doc/spire_agent.md
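Review bot: Dropping `DisableReattestToRenew` from agentConfig (first hunk) leaves no handling for operators whose agent.conf still sets `disable_reattest_to_renew`; the key will presumably land in `UnusedKeyPositions` and, unless `allowUnknownConfig` is set, be rejected as an unknown key with no hint that it was removed deliberately. A targeted message in NewAgentConfig (whose body starts and ends outside the second hunk) would make the upgrade failure self-explanatory, along the lines of `if _, ok := c.Agent.UnusedKeyPositions["disable_reattest_to_renew"]; ok { logger.Warn("disable_reattest_to_renew has been removed and is ignored") }`, assuming that map is keyed by the HCL key name. The same key is also removed from conf/agent/agent_full.conf and doc/spire_agent.md, which is consistent, but the config-load error path is where operators will actually encounter the change.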
@@ -70,7 +70,6 @@ This may be useful for templating configuration files, for example across differ
 | `trust_domain` | The trust domain that this agent belongs to (should be no more than 255 characters) | |
 | `workload_x509_svid_key_type` | The workload X509 SVID key type <rsa-2048|ec-p256> | ec-p256 |
 | `availability_target` | The minimum amount of time desired to gracefully handle SPIRE Server or Agent downtime. This configurable influences how aggressively X509 SVIDs should be rotated. If set, must be at least 24h. See [Availability Target](#availability-target) | |
-| `disable_reattest_to_renew` | Allow agent to renew certificate when it expires rather than reattest | false |
 | experimental | Description | Default |
 |:---------------------------|------------------------------------------------------------------------------------|-------------------------|
diff --git a/pkg/agent/agent.go b/pkg/agent/agent.go
index 13e54524c9..0d11ca29e0 100644
--- a/pkg/agent/agent.go
+++ b/pkg/agent/agent.go
@@ -266,7 +266,6 @@ func (a *Agent) newManager(ctx context.Context, sto storage.Storage, cat catalog
 		SVIDKey: as.Key,
 		Bundle: as.Bundle,
 		Reattestable: as.Reattestable,
-		DisableReattestToRenew: a.c.DisableReattestToRenew,
 		Catalog: cat,
 		TrustDomain: a.c.TrustDomain,
 		ServerAddr: a.c.ServerAddress,
diff --git a/pkg/agent/config.go b/pkg/agent/config.go
index 86f1e98107..1d964be1d9 100644
--- a/pkg/agent/config.go
+++ b/pkg/agent/config.go
@@ -103,9 +103,6 @@ type Config struct {
 	// AvailabilityTarget controls how frequently rotate SVIDs
 	AvailabilityTarget time.Duration
-
-	// Deprecated config option to disable reattest to renew functionality
-	DisableReattestToRenew bool
 }
 func New(c *Config) *Agent {
diff --git a/pkg/agent/manager/config.go b/pkg/agent/manager/config.go
index f953e207e1..f5d71bbe12 100644
--- a/pkg/agent/manager/config.go
+++ b/pkg/agent/manager/config.go
@@ -27,7 +27,6 @@ type Config struct {
 	SVIDKey keymanager.Key
 	Bundle *managerCache.Bundle
 	Reattestable bool
-	DisableReattestToRenew bool
 	Catalog catalog.Catalog
 	TrustDomain spiffeid.TrustDomain
 	Log logrus.FieldLogger
@@ -77,20 +76,19 @@ func newManager(c *Config) *manager {
 	}
 	rotCfg := &svid.RotatorConfig{
-		SVIDKeyManager: keymanager.ForSVID(c.Catalog.GetKeyManager()),
-		Log: c.Log,
-		Metrics: c.Metrics,
-		SVID: c.SVID,
-		SVIDKey: c.SVIDKey,
-		BundleStream: cache.SubscribeToBundleChanges(),
-		ServerAddr: c.ServerAddr,
-		TrustDomain: c.TrustDomain,
-		Interval: c.RotationInterval,
-		Clk: c.Clk,
-		NodeAttestor: c.NodeAttestor,
-		Reattestable: c.Reattestable,
-		DisableReattestToRenew: c.DisableReattestToRenew,
-		RotationStrategy: c.RotationStrategy,
+		SVIDKeyManager: keymanager.ForSVID(c.Catalog.GetKeyManager()),
+		Log: c.Log,
+		Metrics: c.Metrics,
+		SVID: c.SVID,
+		SVIDKey: c.SVIDKey,
+		BundleStream: cache.SubscribeToBundleChanges(),
+		ServerAddr: c.ServerAddr,
+		TrustDomain: c.TrustDomain,
+		Interval: c.RotationInterval,
+		Clk: c.Clk,
+		NodeAttestor: c.NodeAttestor,
+		Reattestable: c.Reattestable,
+		RotationStrategy: c.RotationStrategy,
 	}
 	svidRotator, client := svid.NewRotator(rotCfg)
diff --git a/pkg/agent/svid/rotator.go b/pkg/agent/svid/rotator.go
index cd4d64294f..fd532c44c8 100644
--- a/pkg/agent/svid/rotator.go
+++ b/pkg/agent/svid/rotator.go
@@ -138,22 +138,17 @@ func (r *rotator) SetRotationFinishedHook(f func()) {
 	r.rotationFinishedHook = f
 }
-func (r *rotator) Reattest(ctx context.Context) (err error) {
+func (r *rotator) Reattest(ctx context.Context) error {
 	state, ok := r.state.Value().(State)
 	if !ok {
 		return fmt.Errorf("unexpected value type: %T", r.state.Value())
 	}
-	if state.Reattestable {
-		if !r.c.DisableReattestToRenew {
-			err = r.reattest(ctx)
-		} else {
-			return errors.New("re-attestation is disabled")
-		}
-	} else {
+	if !state.Reattestable {
 		return errors.New("attestation method is not re-attestable")
 	}
+	err := r.reattest(ctx)
 	if err == nil && r.rotationFinishedHook != nil {
 		r.rotationFinishedHook()
 	}
@@ -168,7 +163,7 @@ func (r *rotator) rotateSVIDIfNeeded(ctx context.Context) (err error) {
 	}
 	if r.c.RotationStrategy.ShouldRotateX509(r.clk.Now(), state.SVID[0]) {
-		if state.Reattestable && !r.c.DisableReattestToRenew {
+		if state.Reattestable {
 			err = r.reattest(ctx)
 		} else {
 			err = r.rotateSVID(ctx)
diff --git a/pkg/agent/svid/rotator_config.go b/pkg/agent/svid/rotator_config.go
index 7441c4c61d..6eb4b0538d 100644
--- a/pkg/agent/svid/rotator_config.go
+++ b/pkg/agent/svid/rotator_config.go
@@ -22,14 +22,13 @@ import (
 const DefaultRotatorInterval = 5 * time.Second
 type RotatorConfig struct {
-	SVIDKeyManager keymanager.SVIDKeyManager
-	Log logrus.FieldLogger
-	Metrics telemetry.Metrics
-	TrustDomain spiffeid.TrustDomain
-	ServerAddr string
-	NodeAttestor nodeattestor.NodeAttestor
-	Reattestable bool
-	DisableReattestToRenew bool
+	SVIDKeyManager keymanager.SVIDKeyManager
+	Log logrus.FieldLogger
+	Metrics telemetry.Metrics
+	TrustDomain spiffeid.TrustDomain
+	ServerAddr string
+	NodeAttestor nodeattestor.NodeAttestor
+	Reattestable bool
 	// Initial SVID and key
 	SVID []*x509.Certificate
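Review bot: `Reattest` is exported but still has no doc comment, and this hunk changes its contract (the "re-attestation is disabled" outcome is gone, so the only failures left are the state type assertion and a non-re-attestable method); suggest `// Reattest re-attests the agent. It returns an error when the current attestation method is not re-attestable; on success the rotation-finished hook, if set, is invoked.` Both remaining error returns are ad-hoc `errors.New` values that callers can only string-match, so a package-level `var ErrNotReattestable = errors.New("attestation method is not re-attestable")` returned here and checked with `errors.Is` would be friendlier to callers. The function's closing `return` lies outside the hunk, and the second hunk in rotateSVIDIfNeeded is consistent with this one and needs no further change.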