diff --git a/src/common/connection.py b/src/common/connection.py
index f03c2e1a3..ab53f5258 100644
--- a/src/common/connection.py
+++ b/src/common/connection.py
@@ -1461,28 +1461,28 @@ class Connection(CommonConnection, ConnectionHandlers):
             if saved_fingerprint_sha1:
                 # Check sha1 fingerprint
                 if fingerprint_sha1 != saved_fingerprint_sha1:
-                    gajim.nec.push_incoming_event(FingerprintErrorEvent(None,
-                        conn=self, certificate=cert,
-                        new_fingerprint_sha1=fingerprint_sha1,
-                        new_fingerprint_sha256=fingerprint_sha256))
-                    return True
-            else:
-                gajim.config.set_per('accounts', self.name,
-                    'ssl_fingerprint_sha1', fingerprint_sha1)
+                    if not check_X509.check_certificate(cert, hostname):
+                        gajim.nec.push_incoming_event(FingerprintErrorEvent(
+                            None, conn=self, certificate=cert,
+                            new_fingerprint_sha1=fingerprint_sha1,
+                            new_fingerprint_sha256=fingerprint_sha256))
+                        return True
+            gajim.config.set_per('accounts', self.name, 'ssl_fingerprint_sha1',
+                fingerprint_sha1)
 
             saved_fingerprint_sha256 = gajim.config.get_per('accounts', self.name,
                 'ssl_fingerprint_sha256')
             if saved_fingerprint_sha256:
                 # Check sha256 fingerprint
                 if fingerprint_sha256 != saved_fingerprint_sha256:
-                    gajim.nec.push_incoming_event(FingerprintErrorEvent(None,
-                        conn=self, certificate=con.Connection.ssl_certificate,
-                        new_fingerprint_sha1=fingerprint_sha1,
-                        new_fingerprint_sha256=fingerprint_sha256))
-                    return True
-            else:
-                gajim.config.set_per('accounts', self.name,
-                    'ssl_fingerprint_sha256', fingerprint_sha256)
+                    if not check_X509.check_certificate(cert, hostname):
+                        gajim.nec.push_incoming_event(FingerprintErrorEvent(
+                            None, conn=self, certificate=cert,
+                            new_fingerprint_sha1=fingerprint_sha1,
+                            new_fingerprint_sha256=fingerprint_sha256))
+                        return True
+            gajim.config.set_per('accounts', self.name,
+                'ssl_fingerprint_sha256', fingerprint_sha256)
 
             if not check_X509.check_certificate(cert, hostname) and \
             '100' not in gajim.config.get_per('accounts', self.name,
diff --git a/src/gui_interface.py b/src/gui_interface.py
index 92e01960e..1acc14d3c 100644
--- a/src/gui_interface.py
+++ b/src/gui_interface.py
@@ -1419,7 +1419,8 @@ class Interface:
 
         pritext = _('SSL certificate error')
         sectext = _('It seems the SSL certificate of account %(account)s has '
-            'changed or your connection is being hacked.\n\nOld SHA-1 fingerprint: '
+            'changed and is not valid or your connection is being hacked.\n\n'
+            'Old SHA-1 fingerprint: '
             '%(old_sha1)s\nOld SHA-256 fingerprint: %(old_sha256)s\n\n'
             'New SHA-1 fingerprint: %(new_sha1)s\nNew SHA-256 fingerprint: '
             '%(new_sha256)s\n\nDo you still want to connect '