diff --git a/acme-downloader.sh b/acme-downloader.sh
index b2afe0fc48bf9b6f93d4f4e523b8f4bf613114a3..5b394c314ba0bd9226da60bbec2cb064ddf63860 100755
--- a/acme-downloader.sh
+++ b/acme-downloader.sh
@@ -28,7 +28,7 @@ stty -echoctl # hide ^C
 # function called by trap
 clean_up() {
     rm -f $TMP_CERT $TMP_FULLCHAIN $TMP_CA $TMP_KEY
-    exit 2
+    exit $1
 }
 trap 'clean_up' SIGINT
 
@@ -76,7 +76,6 @@ usage() {
     echo "    --wildcard [OPTIONAL if the certificate is wildcard]"
     echo "    --update [OPTIONAL self-updates the script and exit]"
     echo ""
-    clean_up
 }
 
 OPTS=$(getopt -o "h" --longoptions "help,redis-token:,vault-token:,cert-name:,team-name:,days:,type:,cert-destination:,fullchain-destination:,key-destination:,ca-destination:,wildcard" -- "$@")
@@ -86,7 +85,7 @@ while true; do
     case "$1" in
     -h | --help)
         usage
-        clean_up
+        clean_up 2
         ;;
     --redis-token)
         shift
@@ -153,7 +152,7 @@ if [ -n $UPDATE ]; then
         echo -e "\nfailed to update $0"
         echo -e "Please download the script manually from this URL: ${SCRIPT_URL}\n"
     fi
-    exit $UPDATE_STATUS
+    clean_up $UPDATE_STATUS
 fi
 
 if [[ -z $REDIS_TOKEN ]] || [[ -z $VAULT_TOKEN ]] || [[ -z $CERT_NAME ]] || [[ -z $TEAM_NAME ]]; then
@@ -200,15 +199,15 @@ fi
 # checking if certificates are valid
 if ! openssl x509 -checkend $MINUTES -noout -in $TMP_CERT &>/dev/null; then
     echo "the Certificate is malformed or is expiring. Giving up"
-    clean_up
+    clean_up 2
 fi
 if ! openssl x509 -checkend $MINUTES -noout -in $TMP_FULLCHAIN &>/dev/null; then
     echo "the Full Chain is malformed or is expiring. Giving up"
-    clean_up
+    clean_up 2
 fi
 if ! openssl x509 -in $TMP_CA -text -noout &>/dev/null; then
     echo "the CA is malformed. Giving up"
-    clean_up
+    clean_up 2
 fi
 
 # checking if key matches the certificate and the full-chain
@@ -217,17 +216,17 @@ FULLCHAIN_MD5=$(openssl x509 -noout -modulus -in $TMP_FULLCHAIN | openssl md5 |
 CRT_MD5=$(openssl x509 -noout -modulus -in $TMP_CERT | openssl md5 | awk '{print $NF}')
 if [[ $KEY_MD5 != $CRT_MD5 ]] || [[ $KEY_MD5 != $FULLCHAIN_MD5 ]]; then
     echo "the Key $TMP_KEY is either malformed or it does not match the certificate. Giving up"
-    clean_up
+    clean_up 2
 fi
 
 # checking if the certificate contains at least our cert_name
 if ! openssl x509 -noout -text -in $TMP_CERT | grep -qw $CERT_NAME; then
     echo "the certificate does not match your CN $CERT_NAME"
-    clean_up
+    clean_up 2
 fi
 if ! openssl x509 -noout -text -in $TMP_FULLCHAIN | grep -qw $CERT_NAME; then
     echo "the full chain certificate does not match your CN $CERT_NAME"
-    clean_up
+    clean_up 2
 fi
 
 # let's install the certificates