diff --git a/clients/record_tlscert b/clients/record_tlscert
index cb80d18..3f1c7c8 100755
--- a/clients/record_tlscert
+++ b/clients/record_tlscert
@@ -16,17 +16,17 @@ args = ap.parse_args()
 now = time.time()
 report0 = []
 
-with socket.create_connection((args.hostname, args.port)) as sock:
-    context = ssl.create_default_context()
-    try:
+try:
+    with socket.create_connection((args.hostname, args.port)) as sock:
+        context = ssl.create_default_context()
         with context.wrap_socket(sock, server_hostname=args.hostname) as ssock:
             cert = ssock.getpeercert()
             not_after = ssl.cert_time_to_seconds(cert["notAfter"])
             delta = not_after - now
-    except ssl.SSLCertVerificationError as e:
-        print("got error %s; setting delta to 0", e)
-        delta = 0
-    report0.append({ "measure": "tls_cert_ttl", "unit": "s", "value": delta })
+except (ssl.SSLCertVerificationError, ConnectionRefusedError) as e:
+    print("got error %s; setting delta to 0" % e)
+    delta = 0
+report0.append({ "measure": "tls_cert_ttl", "unit": "s", "value": delta })
 
 report = [
     {