diff --git a/check-certificates.rsc b/check-certificates.rsc
index 88f144a2..9aa11c10 100644
--- a/check-certificates.rsc
+++ b/check-certificates.rsc
@@ -194,9 +194,15 @@
 
         :local CertNew [ /certificate/find where name~("^" . [ $EscapeForRegEx [ $UrlEncode $FetchName ] ] . "\\.(p12|pem)_[0-9]+\$") \
           (common-name=($CertVal->"common-name") or subject-alt-name~("(^|\\W)(DNS|IP):" . [ $EscapeForRegEx $LastName ] . "(\\W|\$)")) \
-          fingerprint!=[ :tostr ($CertVal->"fingerprint") ] expires-after>$CertRenewTime ];
+          fingerprint!=[ :tostr ($CertVal->"fingerprint") ] ];
         :local CertNewVal [ /certificate/get $CertNew ];
 
+        :if (($CertVal->"expires-after") > ($CertNewVal->"expires-after")) do={
+          /certificate/remove $CertNew;
+          $LogPrint warning $ScriptName ("Old certificate is newer than the new one. Aborting renew.");
+          :error false;
+        }
+
         :if (($CertVal->"private-key") = true && ($CertVal->"private-key") != ($CertNewVal->"private-key")) do={
           /certificate/remove $CertNew;
           $LogPrint warning $ScriptName ("Old certificate '" . ($CertVal->"name") . "' has a private key, new certificate does not. Aborting renew.");