diff --git a/optional/traefik-certdumper/run.sh b/optional/traefik-certdumper/run.sh
index 16f22dbc..2e507c77 100755
--- a/optional/traefik-certdumper/run.sh
+++ b/optional/traefik-certdumper/run.sh
@@ -5,14 +5,14 @@ function dump() {
 
     traefik-certs-dumper file --version ${TRAEFIK_VERSION:-v1} --crt-name "cert" --crt-ext ".pem" --key-name "key" --key-ext ".pem" --domain-subdir --dest /tmp/work --source /traefik/acme.json > /dev/null
 
-    if [[ -f /tmp/work/${DOMAIN}/cert.pem && -f /tmp/work/${DOMAIN}/key.pem && -f /output/cert.pem && -f /output/key.pem ]] && \
-	diff -q /tmp/work/${DOMAIN}/cert.pem /output/cert.pem >/dev/null && \
-	diff -q /tmp/work/${DOMAIN}/key.pem /output/key.pem >/dev/null ; \
+    if [[ -f "/tmp/work/${DOMAIN}/cert.pem" && -f "/tmp/work/${DOMAIN}/key.pem" && -f /output/cert.pem && -f /output/key.pem ]] && \
+	diff -q "/tmp/work/${DOMAIN}/cert.pem" /output/cert.pem >/dev/null && \
+	diff -q "/tmp/work/${DOMAIN}/key.pem" /output/key.pem >/dev/null ; \
     then
 	echo "$(date) Certificate and key still up to date, doing nothing"
     else
 	echo "$(date) Certificate or key differ, updating"
-	mv /tmp/work/${DOMAIN}/*.pem /output/
+	mv "/tmp/work/${DOMAIN}"/*.pem /output/
     fi
 }
 
diff --git a/towncrier/newsfragments/3129.bugfix b/towncrier/newsfragments/3129.bugfix
new file mode 100644
index 00000000..2f70b52a
--- /dev/null
+++ b/towncrier/newsfragments/3129.bugfix
@@ -0,0 +1 @@
+Add required quotes to traefik-certdumper to ensure that shell characters are usable.