diff --git a/CHANGELOG.md b/CHANGELOG.md
index 381c026..0d2b7f1 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,6 +12,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Fixed
 
+* cert-expirations.sh: check CARP state only when checking ca and certs expirations
+
 ### Removed
 
 ### Security
diff --git a/cert-expirations.sh b/cert-expirations.sh
index dbb2535..87c6303 100644
--- a/cert-expirations.sh
+++ b/cert-expirations.sh
@@ -23,6 +23,16 @@ Usage: ${0} [--version]
 END
 }
 
+check_carp_state() {
+    if [ "${SYSTEM}" = "openbsd" ]; then
+        carp=$(/sbin/ifconfig carp0 2>/dev/null | grep 'status' | cut -d' ' -f2)
+
+        if [ "$carp" = "backup" ]; then
+            exit 0
+        fi
+    fi
+}
+
 check_ca_expiration() {
     echo "CA certificate:"
     openssl x509 -enddate -noout -in ${cacert_path} \
@@ -79,15 +89,6 @@ check_certs_expiration() {
 
 main() {
     SYSTEM=$(uname | tr '[:upper:]' '[:lower:]')
-    
-    if [ "${SYSTEM}" = "openbsd" ]; then
-        carp=$(/sbin/ifconfig carp0 2>/dev/null | grep 'status' | cut -d' ' -f2)
-    
-        if [ "$carp" = "backup" ]; then
-            exit 0
-        fi
-    fi
-    
     cacert_path="/etc/openvpn/ssl/ca/cacert.pem"
     index_path="/etc/openvpn/ssl/ca/index.txt"
     somedays="3456000" # 40 days currently
@@ -107,6 +108,7 @@ main() {
         ;;
 
         "")
+            check_carp_state
             echo "Warning : all times are in UTC !"
             echo ""
             check_ca_expiration