diff --git a/scripts/jobs/cron_letsencrypt.php b/scripts/jobs/cron_letsencrypt.php
index 9a20a714..cfca074e 100644
--- a/scripts/jobs/cron_letsencrypt.php
+++ b/scripts/jobs/cron_letsencrypt.php
@@ -111,7 +111,8 @@ if (Settings::Get('system.le_froxlor_enabled') == '1') {
 'ssl_cert_file' => null,
 'ssl_key_file' => null,
 'ssl_ca_file' => null,
- 'ssl_csr_file' => null
+ 'ssl_csr_file' => null,
+ 'id' => null
 );
 $froxlor_ssl_settings_stmt = Database::prepare("
@@ -121,6 +122,7 @@ if (Settings::Get('system.le_froxlor_enabled') == '1') {
 ");
 $froxlor_ssl = Database::pexecute_first($froxlor_ssl_settings_stmt);
+ $insert_or_update_required = true;
 if ($froxlor_ssl) {
 $certrow['id'] = $froxlor_ssl['id'];
 $certrow['expirationdate'] = $froxlor_ssl['expirationdate'];
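Review bot: The new `'id' => null` default in `$certrow` has no comment explaining what a null id means for the later store call, which passes it on as `'id' => $certrow['id']` when no settings row was found. `$updcert_stmt` is defined outside the diff, so presumably it inserts a new row on a null key; that should be confirmed. A comment on the default would record the intent, e.g. `// no stored row for the froxlor vhost yet: null id, the store statement is expected to insert`.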
@@ -128,60 +130,74 @@ if (Settings::Get('system.le_froxlor_enabled') == '1') {
 $certrow['ssl_key_file'] = $froxlor_ssl['ssl_key_file'];
 $certrow['ssl_ca_file'] = $froxlor_ssl['ssl_ca_file'];
 $certrow['ssl_csr_file'] = $froxlor_ssl['ssl_csr_file'];
- }
- $domains = array(
- $certrow['domain'],
- 'www.'.$certrow['domain']
- );
-
- // Only renew let's encrypt certificate if no broken ssl_redirect is enabled
- if ($certrow['ssl_redirect'] != 2) {
- $cronlog->logAction(CRON_ACTION, LOG_DEBUG, "Updating " . $certrow['domain']);
-
- $cronlog = FroxlorLogger::getInstanceOf(array(
- 'loginname' => $certrow['loginname']
- ));
-
- try {
- // Initialize Lescript with documentroot
- $le = new lescript($cronlog, $version);
-
- // Initialize Lescript
- $le->initAccount($certrow, true);
-
- // Request the new certificate (old key may be used)
- $return = $le->signDomains($domains, $certrow['ssl_key_file'], $certrow['ssl_csr_file']);
-
- // We are interessted in the expirationdate
- $newcert = openssl_x509_parse($return['crt']);
-
- // Store the new data
- Database::pexecute($updcert_stmt,
- array(
- 'id' => $certrow['id'],
- 'domainid' => $certrow['domainid'],
- 'crt' => $return['crt'],
- 'key' => $return['key'],
- 'ca' => $return['chain'],
- 'chain' => $return['chain'],
- 'csr' => $return['csr'],
- 'expirationdate' => date('Y-m-d H:i:s', $newcert['validTo_time_t'])
- ));
-
- if ($certrow['ssl_redirect'] == 3) {
- Settings::Set('system.le_froxlor_redirect', '1');
- }
-
- $cronlog->logAction(CRON_ACTION, LOG_INFO, "Updated Let's Encrypt certificate for " . $certrow['domain']);
-
- $changedetected = 1;
- } catch (Exception $e) {
- $cronlog->logAction(CRON_ACTION, LOG_ERR,
- "Could not get Let's Encrypt certificate for " . $certrow['domain'] . ": " . $e->getMessage());
- }
 } else {
- $cronlog->logAction(CRON_ACTION, LOG_WARNING,
- "Skipping Let's Encrypt generation for " . $certrow['domain'] . " due to an enabled ssl_redirect");
+ // check whether we have an entry with valid certificates which just does not need
+ // updating yet, so we need to skip this here
+ $froxlor_ssl_settings_stmt = Database::prepare("
+ SELECT * FROM `".TABLE_PANEL_DOMAIN_SSL_SETTINGS."` WHERE `domainid` = '0'
+ ");
+ $froxlor_ssl = Database::pexecute_first($froxlor_ssl_settings_stmt);
+ if ($froxlor_ssl && !empty($froxlor_ssl['ssl_cert_file'])) {
+ $insert_or_update_required = false;
+ }
+ }
+
+ if ($insert_or_update_required)
+ {
+ $domains = array(
+ $certrow['domain'],
+ 'www.'.$certrow['domain']
+ );
+
+ // Only renew let's encrypt certificate if no broken ssl_redirect is enabled
+ if ($certrow['ssl_redirect'] != 2) {
+ $cronlog->logAction(CRON_ACTION, LOG_DEBUG, "Updating " . $certrow['domain']);
+
+ $cronlog = FroxlorLogger::getInstanceOf(array(
+ 'loginname' => $certrow['loginname']
+ ));
+
+ try {
+ // Initialize Lescript with documentroot
+ $le = new lescript($cronlog, $version);
+
+ // Initialize Lescript
+ $le->initAccount($certrow, true);
+
+ // Request the new certificate (old key may be used)
+ $return = $le->signDomains($domains, $certrow['ssl_key_file'], $certrow['ssl_csr_file']);
+
+ // We are interessted in the expirationdate
+ $newcert = openssl_x509_parse($return['crt']);
+
+ // Store the new data
+ Database::pexecute($updcert_stmt,
+ array(
+ 'id' => $certrow['id'],
+ 'domainid' => $certrow['domainid'],
+ 'crt' => $return['crt'],
+ 'key' => $return['key'],
+ 'ca' => $return['chain'],
+ 'chain' => $return['chain'],
+ 'csr' => $return['csr'],
+ 'expirationdate' => date('Y-m-d H:i:s', $newcert['validTo_time_t'])
+ ));
+
+ if ($certrow['ssl_redirect'] == 3) {
+ Settings::Set('system.le_froxlor_redirect', '1');
+ }
+
+ $cronlog->logAction(CRON_ACTION, LOG_INFO, "Updated Let's Encrypt certificate for " . $certrow['domain']);
+
+ $changedetected = 1;
+ } catch (Exception $e) {
+ $cronlog->logAction(CRON_ACTION, LOG_ERR,
+ "Could not get Let's Encrypt certificate for " . $certrow['domain'] . ": " . $e->getMessage());
+ }
+ } else {
+ $cronlog->logAction(CRON_ACTION, LOG_WARNING,
+ "Skipping Let's Encrypt generation for " . $certrow['domain'] . " due to an enabled ssl_redirect");
+ }
 }
 }
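Review bot: The result of `openssl_x509_parse($return['crt'])` is used unchecked inside the re-indented try block. The function returns false when the certificate cannot be parsed, so `date('Y-m-d H:i:s', $newcert['validTo_time_t'])` would then store a meaningless expiration date alongside the new key and certificate, and later renewal decisions would presumably rest on that value. A guard placed before the `Database::pexecute($updcert_stmt, ...)` call would leave the stored row untouched and send the failure to the existing catch and its LOG_ERR entry: `if ($newcert === false || empty($newcert['validTo_time_t'])) { throw new Exception("Let's Encrypt returned an unparsable certificate"); }`. The block is carried over from the removed lines, and the enclosing `if (Settings::Get('system.le_froxlor_enabled') == '1')` starts outside the hunk.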