diff --git a/lib.d/make-selfsigned-wildcard-ssl-cert.sh b/lib.d/make-selfsigned-wildcard-ssl-cert.sh
index 0a4705a..a3aa72f 100755
--- a/lib.d/make-selfsigned-wildcard-ssl-cert.sh
+++ b/lib.d/make-selfsigned-wildcard-ssl-cert.sh
@@ -16,6 +16,14 @@ certfile="$PRIMARY.cert"
 
 this=`basename $0`
 
+# abort on any pre-existing PEM clash, figure it out later
+for existing in $pemfile $csrfile $certfile ; do
+    if [ -s $existing ] ; then
+        echo $this: $existing already exists, exiting... 1>&2
+        exit 1
+    fi
+done
+
 tmp_suffix="$$.tmp"
 dns="dns_${tmp_suffix}"
 
@@ -67,13 +75,6 @@ dn_o="The SSL Onion Space" # OrganizationName
 dn_ou="Self Signed Certificates" # OrganizationalUnitName
 SUBJECT="/C=${dn_c}/ST=${dn_st}/L=${dn_l}/O=${dn_o}/OU=${dn_ou}/CN=${PRIMARY}"
 
-for existing in $pemfile $csrfile $certfile ; do
-    if [ -s $existing ] ; then
-        echo $this: $existing already exists, exiting... 1>&2
-        exit 1
-    fi
-done
-
 subjectaltname=`awk '{printf "DNS." NR ":" $1 ","}' < $dns | sed -e 's/,$//'`
 
 rm $dns