diff --git a/include/haproxy/ssl_ckch-t.h b/include/haproxy/ssl_ckch-t.h
index 01f972045..00a1d729b 100644
--- a/include/haproxy/ssl_ckch-t.h
+++ b/include/haproxy/ssl_ckch-t.h
@@ -87,6 +87,7 @@ struct ckch_store {
 	struct list ckch_inst; /* list of ckch_inst which uses this ckch_node */
 	struct list crtlist_entry; /* list of entries which use this store */
 	struct ckch_conf conf;
+	struct task *acme_task;
 	struct ebmb_node node;
 	char path[VAR_ARRAY];
 };
diff --git a/src/acme.c b/src/acme.c
index 86199288c..47520a738 100644
--- a/src/acme.c
+++ b/src/acme.c
@@ -1789,6 +1789,11 @@ static int cli_acme_renew_parse(char **args, char *payload, struct appctx *appct
 		goto err;
 	}
 
+	if (store->acme_task != NULL) {
+		memprintf(&err, "An ACME task is already running for certificate '%s'.\n", args[2]);
+		goto err;
+	}
+
 	if (store->conf.acme.id == NULL) {
 		memprintf(&err, "No ACME configuration defined for file '%s'.\n", args[2]);
 		goto err;
@@ -1806,6 +1811,18 @@ static int cli_acme_renew_parse(char **args, char *payload, struct appctx *appct
 		goto err;
 	}
 
+
+	task = task_new_anywhere();
+	if (!task)
+		goto err;
+	task->nice = 0;
+	task->process = acme_process;
+
+        /* register the task in the store so we don't
+	 * have 2 tasks at the same time
+	 */
+        store->acme_task = task;
+
 	HA_SPIN_UNLOCK(CKCH_LOCK, &ckch_lock);
 
 	ctx = calloc(1, sizeof *ctx);
@@ -1855,15 +1872,8 @@ static int cli_acme_renew_parse(char **args, char *payload, struct appctx *appct
 		goto err;
 	}
 
-
 	ctx->store = newstore;
 	ctx->cfg = cfg;
-
-	task = task_new_anywhere();
-	if (!task)
-		goto err;
-	task->nice = 0;
-	task->process = acme_process;
 	task->context = ctx;
 
 	task_wakeup(task, TASK_WOKEN_INIT);