From b74e40dde1ef3c994430feda782128f110e6f555 Mon Sep 17 00:00:00 2001
From: Christian Hesse <mail@eworm.de>
Date: Thu, 22 Jan 2026 14:26:21 +0100
Subject: [PATCH] check-certificates: better error handling and reporting for
 downloads

---
 check-certificates.rsc | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/check-certificates.rsc b/check-certificates.rsc
index 4e1170d5..c75e3435 100644
--- a/check-certificates.rsc
+++ b/check-certificates.rsc
@@ -55,9 +55,17 @@
           "' (file '" . $CertFileName . "')...");
 
       :do {
-        /tool/fetch check-certificate=yes-without-crl http-header-field=({ [ $FetchUserAgentStr $ScriptName ] }) \
-            ($CertRenewUrl . $CertFileName) dst-path=$CertFileName as-value;
-        $WaitForFile $CertFileName;
+        :onerror Err {
+          /tool/fetch check-certificate=yes-without-crl \
+              http-header-field=({ [ $FetchUserAgentStr $ScriptName ] }) \
+              ($CertRenewUrl . $CertFileName) dst-path=$CertFileName as-value;
+        } do={
+          :if ($Err != "Fetch failed with status 404") do={
+            $LogPrint warning $0 ("Failed fetching certificate: " . $Err);
+          }
+          :error false;
+        }
+        $WaitForFile $CertFileName;  
 
         :local DecryptionFailed true;
         :foreach I,PassPhrase in=$CertRenewPass do={