diff --git a/bin/ovpn_create_client b/bin/ovpn_create_client
index 6b3ad5d..f4b0ff8 100755
--- a/bin/ovpn_create_client
+++ b/bin/ovpn_create_client
@@ -32,6 +32,9 @@ cat << EOF | easyrsa build-client-full "$cn" nopass
 yes
 EOF

-# Skip confirmation if not running in interctive mode. Essential for integration tests.
-google-authenticator --time-based --disallow-reuse --force --rate-limit=3 --rate-time=30 --window-size=3 \
+# Do not overwrite potential existing config during the re-issue flow
+if [ ! -f /etc/openvpn/otp/${cn}.google_authenticator ] ; then
+ # Skip confirmation if not running in interctive mode. Essential for integration tests.
+ google-authenticator --time-based --disallow-reuse --force --rate-limit=3 --rate-time=30 --window-size=3 \
 -l "${cn}" -i "${server}" -s /etc/openvpn/otp/${cn}.google_authenticator --no-confirm -q
+fi
diff --git a/bin/ovpn_revokeclient b/bin/ovpn_revokeclient
index 062eac0..f0d3e07 100755
--- a/bin/ovpn_revokeclient
+++ b/bin/ovpn_revokeclient
@@ -32,4 +32,6 @@ echo "Revoked $cn"
 echo "Updating crl.pem"
 easyrsa gen-crl

-rm -f $OPENVPN/pki/issued/$cn.crt $OPENVPN/pki/private/$cn.key $OPENVPN/pki/reqs/$cn.req $OPENVPN/otp/$cn.google_authenticator
+rm -f $OPENVPN/pki/issued/$cn.crt $OPENVPN/pki/private/$cn.key $OPENVPN/pki/reqs/$cn.req
+# do not delete OTP to allow reuse after re-issued cert, left overs OTP data wont hurt anyone
+# rm -f $OPENVPN/otp/$cn.google_authenticator
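Review bot: The new `-f` guard in bin/ovpn_create_client silently keeps whatever TOTP seed is already on disk for that CN, and because the bin/ovpn_revokeclient hunk stops deleting that file, a revoke and re-issue cycle never rotates the second factor. If the certificate was revoked because a device or profile was lost, the old seed stays valid alongside the new certificate, and a different person later given the same CN would inherit it. Reuse would be safer as an explicit opt-in (a flag or environment variable) than as the default, with a line on stderr when the existing seed is kept so the operator knows no new enrolment took place. The test path should also be quoted, `if [ ! -f "/etc/openvpn/otp/${cn}.google_authenticator" ]; then`, and it hard-codes `/etc/openvpn` where the revoke script uses `$OPENVPN`.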
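Review bot: The rewritten `rm -f` line in bin/ovpn_revokeclient still expands `$OPENVPN` and `$cn` unquoted, so a CN containing whitespace or glob characters would make it remove different paths than intended. Quoting each argument and ending option parsing fixes that: `rm -f -- "$OPENVPN/pki/issued/$cn.crt" "$OPENVPN/pki/private/$cn.key" "$OPENVPN/pki/reqs/$cn.req"`. The commented-out `# rm -f $OPENVPN/otp/$cn.google_authenticator` is dead code and would be better dropped. The comment above it could state the consequence instead of "wont hurt anyone", for example `# OTP seed is kept on purpose so a re-issued cert can reuse it; remove $OPENVPN/otp/$cn.google_authenticator manually when revoking for compromise`.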