diff --git a/certbotd.sh b/certbotd.sh
index b334c32..ac6c0cd 100755
--- a/certbotd.sh
+++ b/certbotd.sh
@@ -5,13 +5,17 @@ updated=/tmp/certbot.updated
 failed=/tmp/certbot.failed
 domains=/tmp/domains
 
+fail() {
+  echo ${1:-1} >> "${failed}"
+}
+
 ok() {
   echo "ok - $@" >&2
 }
 
 not_ok() {
   echo "not ok - $@" >&2
-  touch "${failed}"
+  fail 1
 }
 
 domain_configured() {
@@ -198,12 +202,12 @@ case $1 in
 
   find /etc/letsencrypt/renewal/ -name "*-001.conf" | while read broken_renewal; do
     not_ok "${broken_renewal} certbot found an inconsistency on certificates and decided to create a new one"
-    touch "${failed}"
+    fail 255
   done
 esac
 
 if test -f "${failed}" ; then
-  ensure 255
+  ensure `sort -hr ${failed} | head -n 1`
 else
   ensure 0
 fi