+
+f=/etc/openvpn/client/$name.crt
+
+cert_to_test=$f
+if [[ $client_host ]]; then
+ cert_to_test=$(mktemp)
+ ssh root@$client_host cat $f 2>/dev/null >$cert_to_test ||:
+fi
+if ! $force && openssl x509 -checkend $(( 60 * 60 * 24 * 30 )) -noout -in $cert_to_test &>/dev/null; then
+ echo "$0: cert already exists. exiting early"
+ exit 0
+fi
+
+