diff --git a/tests/test_ssl.py b/tests/test_ssl.py
index e0191deca4816b3995c19cf7262e9cb21b6dc7ee..b6ba7d1bda264a05233643d1670ca37d811b917e 100755
--- a/tests/test_ssl.py
+++ b/tests/test_ssl.py
@@ -36,6 +36,9 @@ conf_servers = (
     ('CM_SERVER_NAME', 'campusmanager'),
 )
 
+all_ok = True
+failure = False
+
 with open('/etc/hosts', 'r') as fo:
     hosts = fo.read()
 
@@ -47,34 +50,39 @@ for s, d in conf_servers:
     if v not in hosts:
         # the domain is not in the hosts file, the service is surely not installed
         continue
-    try:
-        # further tests
-        conn = ssl.create_connection((v, 443))
-        context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
-        sock = context.wrap_socket(conn, server_hostname=v)
-        cert = ssl.DER_cert_to_PEM_cert(sock.getpeercert(True))
-        x509 = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, cert)
-        not_after = x509.get_notAfter().decode('ascii')
 
-        expires = datetime.datetime.strptime(not_after, '%Y%m%d%H%M%SZ')
-        print('TLS cert for {} expires at {}'.format(v, expires.isoformat()))
+    conn = ssl.create_connection((v, 443))
+    context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+    sock = context.wrap_socket(conn, server_hostname=v)
+    cert = ssl.DER_cert_to_PEM_cert(sock.getpeercert(True))
+    x509 = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, cert)
+    not_after = x509.get_notAfter().decode('ascii')
+
+    expires = datetime.datetime.strptime(not_after, '%Y%m%d%H%M%SZ')
+    print('TLS cert for {} expires at {}'.format(v, expires.isoformat()))
 
-        remaining = expires - datetime.datetime.utcnow()
+    remaining = expires - datetime.datetime.utcnow()
 
-        if remaining < datetime.timedelta(days=0):
-            print('Error, already expired…')
-            sys.exit(1)
-        elif remaining < datetime.timedelta(days=14):
-            print('Warning, will expire soon!')
-            sys.exit(3)
-        else:
-            print('Good, enough time before expiration.')
+    if remaining < datetime.timedelta(days=0):
+        print('Error, already expired…')
+        failure = True
+    elif remaining < datetime.timedelta(days=14):
+        print('Warning, will expire soon!')
+        all_ok = False
+    else:
+        print('Good, enough time before expiration.')
 
+    try:
         url = 'https://%s' % v
         print('Checking TLS certificate of %s' % url)
         requests.get(url)
     except requests.exceptions.SSLError:
         print('%sTLS certificate for %s is not valid%s' % (YELLOW, url, DEF))
-        sys.exit(3)
+        all_ok = False
+
+if failure:
+    sys.exit(1)
+if not all_ok:
+    sys.exit(3)
 
 sys.exit(0)