diff --git a/src/notifications.js b/src/notifications.js
index 833d0119d..f8c25e296 100644
--- a/src/notifications.js
+++ b/src/notifications.js
@@ -263,6 +263,18 @@ function apptaskCrash(eventId, appId, crashLogFile, callback) {
     }, callback);
 }
 
+function certificateRenewalError(eventId, vhost, errorMessage, callback) {
+    assert.strictEqual(typeof eventId, 'string');
+    assert.strictEqual(typeof vhost, 'string');
+    assert.strictEqual(typeof errorMessage, 'string');
+    assert.strictEqual(typeof callback, 'function');
+
+    actionForAllAdmins([], function (admin, callback) {
+        mailer.certificateRenewalError(vhost, errorMessage);
+        add(admin.id, eventId, `Certificate renewal of ${vhost} failed`, `Failed to new certs of ${vhost}: ${errorMessage}. Renewal will be retried in 12 hours`, callback);
+    }, callback);
+}
+
 function upsert(userId, eventId, title, message, callback) {
     assert.strictEqual(typeof userId, 'string');
     assert(typeof eventId === 'string' || eventId === null);
@@ -319,6 +331,10 @@ function onEvent(id, action, source, data, callback) {
     case eventlog.ACTION_APP_UP: return appUp(id, data.app, callback);
     case eventlog.ACTION_APP_TASK_CRASH: return apptaskCrash(id, data.appId, data.crashLogFile, callback);
     case eventlog.ACTION_PROCESS_CRASH: return processCrash(id, data.processName, data.crashId, callback);
+    case eventlog.ACTION_CERTIFICATE_RENEWAL:
+    case eventlog.ACTION_CERTIFICATE_NEW:
+        return data.errorMessage ? certificateRenewalError(id, data.domain, data.errorMessage, callback): callback();
+
     default: return callback();
     }
 }
diff --git a/src/reverseproxy.js b/src/reverseproxy.js
index 332a8aea7..bae02a09d 100644
--- a/src/reverseproxy.js
+++ b/src/reverseproxy.js
@@ -45,7 +45,6 @@ var acme2 = require('./cert/acme2.js'),
     eventlog = require('./eventlog.js'),
     fallback = require('./cert/fallback.js'),
     fs = require('fs'),
-    mailer = require('./mailer.js'),
     os = require('os'),
     path = require('path'),
     paths = require('./paths.js'),
@@ -357,14 +356,7 @@ function ensureCertificate(vhost, domain, auditSource, callback) {
                 debug('ensureCertificate: getting certificate for %s with options %j', vhost, apiOptions);
 
                 api.getCertificate(vhost, domain, apiOptions, function (error, certFilePath, keyFilePath) {
-                    var errorMessage = error ? error.message : '';
-
-                    if (error) {
-                        debug('ensureCertificate: could not get certificate. using fallback certs', error);
-                        mailer.certificateRenewalError(vhost, errorMessage);
-                    }
-
-                    eventlog.add(currentBundle ? eventlog.ACTION_CERTIFICATE_RENEWAL : eventlog.ACTION_CERTIFICATE_NEW, auditSource, { domain: vhost, errorMessage: errorMessage });
+                    eventlog.add(currentBundle ? eventlog.ACTION_CERTIFICATE_RENEWAL : eventlog.ACTION_CERTIFICATE_NEW, auditSource, { domain: vhost, errorMessage: error ? error.message : '' });
 
                     // if no cert was returned use fallback. the fallback/caas provider will not provide any for example
                     if (!certFilePath || !keyFilePath) return getFallbackCertificate(domain, callback);