diff --git a/admin/cli/haproxy-dump-certs b/admin/cli/haproxy-dump-certs
index 592147e88..1b2c15739 100755
--- a/admin/cli/haproxy-dump-certs
+++ b/admin/cli/haproxy-dump-certs
@@ -60,6 +60,21 @@ read_certificate() {
 return 0
 }
 
+cmp_certkey() {
+ prev=$1
+ new=$2
+
+ if [ ! -f "$prev" ]; then
+ return 1;
+ fi
+
+ if ! cmp -s <(openssl x509 -in "$prev" -noout -fingerprint -sha256) <(openssl x509 -in "$new" -noout -fingerprint -sha256); then
+ return 1
+ fi
+
+ return 0
+}
+
 dump_certificate() {
 name=$1
 crt_filename=$2
@@ -82,6 +97,11 @@ dump_certificate() {
 return 1
 fi
 
+ if cmp_certkey "${crt_filename}" "${crt_filename}.${tmp}"; then
+ echo "notice: ${crt_filename} is already up to date"
+ return 0
+ fi
+
 # move the current certificates to ".old.timestamp"
 mv "${crt_filename}" "${crt_filename}.${d}"
 [ "${crt_filename}" != "${key_filename}" ] && mv "${key_filename}" "${key_filename}.${d}"
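Review bot: In `cmp_certkey`, when `openssl x509` fails on both files (unparsable PEM, unreadable file, openssl missing) both process substitutions produce empty output, `cmp -s` sees them as equal, and the caller reports the certificate as already up to date. Capture each fingerprint, return 1 when either command fails or prints nothing, and compare the two strings, as in the excerpt below. `openssl x509 -in` parses only the first certificate in the file, so a changed chain or key behind an unchanged leaf certificate is not detected despite the function name, and a comment stating that limit would help. The `<( )` form also needs bash, and the shebang is outside this hunk.

```shell
cmp_certkey() {
  # … unchanged: prev/new assignment and the [ ! -f "$prev" ] check …

  # An openssl failure must read as "different", never as "equal".
  prev_fp=$(openssl x509 -in "$prev" -noout -fingerprint -sha256) || return 1
  new_fp=$(openssl x509 -in "$new" -noout -fingerprint -sha256) || return 1
  [ -n "$prev_fp" ] || return 1

  [ "$prev_fp" = "$new_fp" ]
}
```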
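Review bot: The early `return 0` added to `dump_certificate` leaves `${crt_filename}.${tmp}` on disk, along with any temporary key file written earlier in the function, as far as this hunk shows. These files hold the freshly dumped certificate and probably private-key material, so remove them before returning, e.g. `rm -f -- "${crt_filename}.${tmp}"`, and likewise the key temp file when the key is stored separately. The check looks only at the certificate, so a missing or stale `${key_filename}` is still reported as up to date when the two filenames differ. The rest of `dump_certificate` is outside the hunk, so confirm whether a trap or the caller already cleans up.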