diff --git a/script_refresh-proxied-certs.sh b/script_refresh-proxied-certs.sh
index c9d9a7e..f6bcaa6 100755
--- a/script_refresh-proxied-certs.sh
+++ b/script_refresh-proxied-certs.sh
@@ -30,7 +30,8 @@ for i in *.crt; do
 sed -n '/^-----BEGIN CERTIFICATE-----$/,/^-----END CERTIFICATE-----$/p' > "$TMPFILE"
 # Check that the new cert still match the local key
- if [ "$( ( openssl x509 -noout -modulus -in "$FQDN_HOSTNAME.crt"; openssl rsa -noout -modulus -in "$FQDN_HOSTNAME.key" ) | uniq | wc -l )" -ne 1 ]; then
+ # (it should also fail safely when the host wasn't reachable)
+ if [ "$( ( openssl x509 -noout -modulus -in "$TMPFILE"; openssl rsa -noout -modulus -in "$FQDN_HOSTNAME.key" ) | uniq | wc -l )" -ne 1 ]; then
 # Mismatch : raise an alert
 echo "WARNING: retrieved certificate does not match '$FQDN_HOSTNAME.key'" >&2
 EXIT_STATUS=1
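Review bot: The new `if` does not fail safely when the host was unreachable, contrary to the added comment. If `$TMPFILE` is empty or unparseable, `openssl x509` prints nothing on stdout while `openssl rsa` still prints the key's modulus, so `uniq | wc -l` yields 1 and the mismatch branch is skipped. Counting lines cannot tell "both moduli equal" from "one command failed"; the same happens if the key is unreadable and the certificate is fine. Capture each modulus in its own variable and require a non-empty match, for example `if [ -z "$CERT_MOD" ] || [ "$CERT_MOD" != "$KEY_MOD" ]; then` (the variable names are placeholders). The enclosing `for` loop and the rest of the `if` body lie outside the hunk, so what happens to `$TMPFILE` after a passing check cannot be confirmed from here.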