diff --git a/files/geant_acme_uploader.py b/files/geant_acme_uploader.py
index d44fe7bc672dff5a63b4867104d661e487d279ec..30d97374f08cfb9e63afa98f0830dd85bd17190e 100755
--- a/files/geant_acme_uploader.py
+++ b/files/geant_acme_uploader.py
@@ -130,7 +130,7 @@ if __name__ == "__main__":
     ARGS = docopt(__doc__)
     DOMAIN = ARGS['--domain']
     if ARGS['--wildcard']:
-        CLIENT = 'common'
+        CLIENT = ['common']
         WILDCARD = 'wildcard_'
     else:
         CLIENT = ARGS['--client']
@@ -166,36 +166,38 @@ if __name__ == "__main__":
         print('could not access {}: giving up...'.format(KEYPATH))
         os.sys.exit(1)
 
-    # upload certificates to Redis
-    for certname in ['cert.pem', 'chain.pem', 'fullchain.pem']:
-        certpath = os.path.join(BASEDIR, DOMAIN, certname)
-        with open(certpath, 'r') as certfile:
-            certdata_local = certfile.read()
-            domain_underscored = DOMAIN.replace('.', '_')
-            certname_renamed = certname.replace(
-                'cert.pem', 'pem').replace('.', '_')
-            redis_full_path = '{}:redis_{}_{}'.format(
-                CLIENT, domain_underscored, certname_renamed)
-            certdata_upstream = redis_download(REDIS_HOST, REDIS_TOKEN, redis_full_path)
-
-            if certdata_local != certdata_upstream:
-                print('uploading to Redis: {}'.format(redis_full_path))
-                redis_upload(REDIS_HOST, REDIS_TOKEN, redis_full_path, certdata_local)
+
+    for CLIENT_ITEM in CLIENT:
+        # upload certificates to Redis
+        for certname in ['cert.pem', 'chain.pem', 'fullchain.pem']:
+            certpath = os.path.join(BASEDIR, DOMAIN, certname)
+            with open(certpath, 'r') as certfile:
+                certdata_local = certfile.read()
+                domain_underscored = DOMAIN.replace('.', '_')
+                certname_renamed = certname.replace(
+                    'cert.pem', 'pem').replace('.', '_')
+                redis_full_path = '{}:redis_{}_{}'.format(
+                    CLIENT_ITEM, domain_underscored, certname_renamed)
+                certdata_upstream = redis_download(REDIS_HOST, REDIS_TOKEN, redis_full_path)
+
+                if certdata_local != certdata_upstream:
+                    print('uploading to Redis: {}'.format(redis_full_path))
+                    redis_upload(REDIS_HOST, REDIS_TOKEN, redis_full_path, certdata_local)
+                else:
+                    print('redis key {} did not change: skipping'.format(redis_full_path))
+
+        # upload key to Vault
+        with open(KEYPATH, 'r') as keyfile:
+            KEYDATA_LOCAL = keyfile.read()
+            DOMAIN_UNDERSCORED = DOMAIN.replace('.', '_')
+            VAULT_FULL_PATH = 'puppet/{}/vault_{}{}_key'.format(
+                CLIENT_ITEM, WILDCARD, DOMAIN_UNDERSCORED)
+            KEYDATA_UPSTREAM = vault_dowload(VAULT_HOST, VAULT_TOKEN, VAULT_FULL_PATH)
+
+            if KEYDATA_LOCAL != KEYDATA_UPSTREAM:
+                print('uploading to Vault: {}'.format(VAULT_FULL_PATH))
+                vault_upload(VAULT_HOST, VAULT_TOKEN, VAULT_FULL_PATH, KEYDATA_LOCAL)
             else:
-                print('redis key {} did not change: skipping'.format(redis_full_path))
-
-    # upload key to Vault
-    with open(KEYPATH, 'r') as keyfile:
-        KEYDATA_LOCAL = keyfile.read()
-        DOMAIN_UNDERSCORED = DOMAIN.replace('.', '_')
-        VAULT_FULL_PATH = 'puppet/{}/vault_{}{}_key'.format(
-            CLIENT, WILDCARD, DOMAIN_UNDERSCORED)
-        KEYDATA_UPSTREAM = vault_dowload(VAULT_HOST, VAULT_TOKEN, VAULT_FULL_PATH)
-
-        if KEYDATA_LOCAL != KEYDATA_UPSTREAM:
-            print('uploading to Vault: {}'.format(VAULT_FULL_PATH))
-            vault_upload(VAULT_HOST, VAULT_TOKEN, VAULT_FULL_PATH, KEYDATA_LOCAL)
-        else:
-            print('vault key {} did not change: skipping'.format(VAULT_FULL_PATH))
+                print('vault key {} did not change: skipping'.format(VAULT_FULL_PATH))
 
     redis_save(REDIS_HOST, REDIS_TOKEN)