diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
index 7363fdb6a..71a6cab4f 100755
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@@ -6055,6 +6055,23 @@ done
 cmd="$1"
 [ "$1" ] && shift # scrape off command
 
+# Intelligent env-var detection and auto-loading:
+# Select vars file as EASYRSA_VARS_FILE
+# then source the vars file, if found
+# otherwise, ignore no vars file
+select_vars && source_vars "$EASYRSA_VARS_FILE"
+
+# then set defaults
+default_vars
+
+# Check for unexpected changes to EASYRSA or EASYRSA_PKI
+# This will be resolved in v3.2.0
+# https://github.com/OpenVPN/easy-rsa/issues/1006
+validate_default_vars
+
+# Check for conflicting input options
+mutual_exclusions
+
 # Establish PKI and CA initialisation requirements
 # This avoids unnecessary warnings and notices
 unset -v require_pki require_ca ignore_vars
@@ -6078,31 +6095,6 @@ case "$cmd" in
 		esac
 esac
 
-# Run these commands with NO setup
-case "$cmd" in
-	make-vars)
-		create_vars_example
-		cleanup ok
-	;;
-esac
-
-# Intelligent env-var detection and auto-loading:
-# Select vars file as EASYRSA_VARS_FILE
-# then source the vars file, if found
-# otherwise, ignore no vars file
-select_vars && source_vars "$EASYRSA_VARS_FILE"
-
-# then set defaults
-default_vars
-
-# Check for unexpected changes to EASYRSA or EASYRSA_PKI
-# This will be resolved in v3.2.0
-# https://github.com/OpenVPN/easy-rsa/issues/1006
-validate_default_vars
-
-# Check for conflicting input options
-mutual_exclusions
-
 # Hand off to the function responsible
 # ONLY verify_working_env() for valid commands
 case "$cmd" in
@@ -6247,6 +6239,10 @@ case "$cmd" in
 		verify_working_env
 		make_safe_ssl "$@"
 		;;
+	make-vars)
+		# verify_working_env - Not required
+		create_vars_example
+		;;
 	serial|check-serial)
 		verify_working_env
 		# Called with --batch, this will return error