diff --git a/files/geant_acme.py b/files/geant_acme.py
index 93e6cca4854851082870cff138cbba03ef629242..9acbfd0e2f9f27a36f88ab26d3cf9077fc162104 100755
--- a/files/geant_acme.py
+++ b/files/geant_acme.py
@@ -119,8 +119,8 @@ def run_certbot(cbot_domain, wild_card=None):
         msg = decoded_msg[:decoded_msg.rfind('\n')]
 
     print(msg)
-    if msg.find('Certificate not yet due for renewal') != -1:
-        os_exit()
+    #if msg.find('Certificate not yet due for renewal') != -1:
+    #    os_exit()
 
     return msg
 
@@ -177,7 +177,6 @@ if __name__ == "__main__":
                     domain_item, DEL_STATUS))
                 os_exit()
 
-
     # if we are here, everything went fine and we can upload the certificates
     if WILDCARD:
         UPLOADER = '/root/bin/upload_wildcards.py -d {}'.format(DOMAIN[0])
diff --git a/files/geant_acme_uploader.py b/files/geant_acme_uploader.py
index ca362a9b89be3085e6c8c3302d8bbb6ac2e76295..0fdf3a4186db65a626909b3fee8604ed03804da2 100755
--- a/files/geant_acme_uploader.py
+++ b/files/geant_acme_uploader.py
@@ -20,6 +20,19 @@ import requests
 from requests.packages.urllib3.exceptions import InsecureRequestWarning #pylint: disable=E0401
 
 
+def redis_download(redis_host, redis_token, key):
+    """ download a key """
+    r_client = redis.StrictRedis(
+        host=redis_host, password=redis_token, port=6379, db=0)
+
+    try:
+        redis_value = r_client.get(key).decode('utf-8')
+    except Exception as err:
+        redis_value = err
+
+    return redis_value
+
+
 def redis_upload(redis_host, redis_token, key, value):
     """ upload a key """
     r_client = redis.StrictRedis(
@@ -82,17 +95,25 @@ if __name__ == "__main__":
     BASEDIR = '/etc/letsencrypt/live'
 
     for certname in ['cert.pem', 'chain.pem', 'fullchain.pem']:
-        with open(os.path.join(BASEDIR, DOMAIN, certname), 'r') as certfile:
-            certdata = certfile.read()
-            domain_underscored = DOMAIN.replace('.', '_')
-            # let's rename everything to .crt, which is what we normally use
-            certname_renamed = certname.replace(
-                'cert.pem', 'crt').replace('chain.pem', 'chain_crt')
-            redis_full_path = '{}:redis_{}_{}'.format(
-                CLIENT, domain_underscored, certname_renamed)
-
-            print('uploading to Redis: {}'.format(redis_full_path))
-            redis_upload(REDIS_HOST, REDIS_TOKEN, redis_full_path, certdata)
+        if os.access(certname, os.W_OK):
+            with open(os.path.join(BASEDIR, DOMAIN, certname), 'r') as certfile:
+                certdata_downstream = certfile.read()
+                domain_underscored = DOMAIN.replace('.', '_')
+                # let's rename everything to .crt, which is what we normally use
+                certname_renamed = certname.replace(
+                    'cert.pem', 'crt').replace('chain.pem', 'chain_crt')
+                redis_full_path = '{}:redis_{}_{}'.format(
+                    CLIENT, domain_underscored, certname_renamed)
+                certdata_upstream = redis_download(REDIS_HOST, REDIS_TOKEN, redis_full_path)
+
+                if certdata_downstream != certdata_upstream:
+                    print('uploading to Redis: {}'.format(redis_full_path))
+                    redis_upload(REDIS_HOST, REDIS_TOKEN, redis_full_path, certdata_downstream)
+                else:
+                    print('key {} did not change: skipping')
+        else:
+            print('could not access {}: giving up...'.format(certname))
+            os.sys.exit(1)
 
     with open(os.path.join(BASEDIR, DOMAIN, 'privkey.pem'), 'r') as keyfile:
         KEYDATA = keyfile.read()
diff --git a/files/upload_wildcards.py b/files/upload_wildcards.py
index 473845361ca81d44d4bb0320ab8b03470f2691d9..e9c176896d18eff7d824bca31fe60e49f2fe2f2d 100755
--- a/files/upload_wildcards.py
+++ b/files/upload_wildcards.py
@@ -19,6 +19,19 @@ import requests
 from requests.packages.urllib3.exceptions import InsecureRequestWarning #pylint: disable=E0401
 
 
+def redis_download(redis_host, redis_token, key):
+    """ download a key """
+    r_client = redis.StrictRedis(
+        host=redis_host, password=redis_token, port=6379, db=0)
+
+    try:
+        redis_value = r_client.get(key).decode('utf-8')
+    except Exception as err:
+        redis_value = err
+
+    return redis_value
+
+
 def redis_upload(redis_host, redis_token, key, value):
     """ upload a key """
     r_client = redis.StrictRedis(
@@ -82,15 +95,24 @@ if __name__ == "__main__":
     os.sys.stdout = os.sys.stderr = open('/var/log/acme/acme.log', 'a', 1)
 
     # upload certificates to Redis
-    for keyname in ['cert.pem', 'chain.pem', 'fullchain.pem']:
-        with open(os.path.join(BASEDIR, DOMAIN, keyname), 'r') as certfile:
-            keydata = certfile.read()
-            domain_underscored = DOMAIN.replace('.', '_')
-            keyname_underscored = keyname.replace('.', '_')
-            redis_full_path = 'common:redis_{}_{}'.format(
-                domain_underscored, keyname_underscored)
-            print('uploading to Redis: {}'.format(redis_full_path))
-            redis_upload(REDIS_HOST, REDIS_TOKEN, redis_full_path, keydata)
+    for certname in ['cert.pem', 'chain.pem', 'fullchain.pem']:
+        if os.access(certname, os.W_OK):
+            with open(os.path.join(BASEDIR, DOMAIN, certname), 'r') as certfile:
+                certdata_downstream = certfile.read()
+                domain_underscored = DOMAIN.replace('.', '_')
+                certname_underscored = certname.replace('.', '_')
+                redis_full_path = 'common:redis_{}_{}'.format(
+                    domain_underscored, certname_underscored)
+                certdata_upstream = redis_download(REDIS_HOST, REDIS_TOKEN, redis_full_path)
+
+                if certdata_downstream != certdata_upstream:
+                    print('uploading to Redis: {}'.format(redis_full_path))
+                    redis_upload(REDIS_HOST, REDIS_TOKEN, redis_full_path, certdata_downstream)
+                else:
+                    print('key {} did not change: skipping')
+        else:
+            print('could not access {}: giving up...'.format(certname))
+            os.sys.exit(1)
 
     # upload keys to Vault
     with open(os.path.join(BASEDIR, DOMAIN, 'privkey.pem'), 'r') as keyfile: