diff --git a/src/tls/openssl/tls.c b/src/tls/openssl/tls.c
index 317abffa1..283b7c45b 100644
--- a/src/tls/openssl/tls.c
+++ b/src/tls/openssl/tls.c
@@ -308,14 +308,11 @@ int tls_add_cafile_path(struct tls *tls, const char *cafile,
 		return EINVAL;
 
 	if (capath && !fs_isdir(capath)) {
-		DEBUG_WARNING("capath is not a directory\n");
 		return ENOTDIR;
 	}
 
 	/* Load the CAs we trust */
 	if (!(SSL_CTX_load_verify_locations(tls->ctx, cafile, capath))) {
-		if (str_isset(cafile))
-			DEBUG_WARNING("Can't read CA file: %s\n", cafile);
 
 		ERR_clear_error();
 		return ENOENT;
diff --git a/src/tls/openssl/tls_tcp.c b/src/tls/openssl/tls_tcp.c
index c3071cecd..2fb1d1392 100644
--- a/src/tls/openssl/tls_tcp.c
+++ b/src/tls/openssl/tls_tcp.c
@@ -337,15 +337,12 @@ int tls_conn_change_cert(struct tls_conn *tc, const char *file)
 	r = SSL_use_certificate_file(tc->ssl, file, SSL_FILETYPE_PEM);
 #endif
 	if (r <= 0) {
-		DEBUG_WARNING("change cert: "
-			"cant't read certificate file: %s\n", file);
 		ERR_clear_error();
-		return EINVAL;
+		return ENOENT;
 	}
 
 	r = SSL_use_PrivateKey_file(tc->ssl, file, SSL_FILETYPE_PEM);
 	if (r <= 0) {
-		DEBUG_WARNING("change cert: key missmatch in %s\n", file);
 		ERR_clear_error();
 		return EKEYREJECTED;
 	}