diff --git a/shellpki b/shellpki
index 9fc7c5b..ed7584e 100755
--- a/shellpki
+++ b/shellpki
@@ -630,7 +630,7 @@ create() {
         # get CN from CSR
         cn=$("${OPENSSL_BIN}" req -noout -subject -in "${csr_file}" | grep -Eo "CN\s*=[^,/]*" | cut -d'=' -f2 | xargs)
 
-        # check if CN already exist
+        # check if CN already exists
         if [ -f "${crt_file}" ]; then
             replace_existing_or_abort "${cn}"
         fi
@@ -665,11 +665,6 @@ create() {
         ovpn_file="${OVPN_DIR}/${cn}-${SUFFIX}.ovpn"
         pkcs12_file="${PKCS12_DIR}/${cn}-${SUFFIX}.p12"
 
-        # check if CN already exist
-        if [ -f "${crt_file}" ]; then
-            replace_existing_or_abort "${cn}"
-        fi
-
         # ask for CA passphrase
         ask_ca_password 0
 
@@ -677,6 +672,11 @@ create() {
             ask_user_password
         fi
 
+        # check if CN already exists
+        if [ -f "${crt_file}" ]; then
+            replace_existing_or_abort "${cn}"
+        fi
+
         # generate private key
         pass_args=""
         if [ -n "${password_file:-}" ]; then