diff --git a/plugins/ssl/ssl-certificate-expiry b/plugins/ssl/ssl-certificate-expiry
index f19cb5df..f338a8f5 100755
--- a/plugins/ssl/ssl-certificate-expiry
+++ b/plugins/ssl/ssl-certificate-expiry
@@ -39,9 +39,13 @@ of the hosts are slow.
 
 To do so, add a cron job running the plugin with cron as the argument:
 
-   */5 * * * * <user> /usr/sbin/munin-run/ssl-certificate-expiry cron
+  <minute> * * * <user> /usr/sbin/munin-run/ssl-certificate-expiry cron
 
 <user> should be the user that has write permission to the MUNIN_PLUGSTATE.
+<minute> should be a number between 0 and 59 when the check should run every hour.
+
+If, for any reason, the cron script stops running, the script will revert to
+uncached updates after the cache file is older than an hour.
 
 =head1 AUTHORS
 
@@ -120,6 +124,7 @@ main() {
 	valid_days=$(print_expire_days "$host" "$port")
 	[ -z "$valid_days" ] && valid_days="U"
 	printf "%s.value %s\\n" "$fieldname" "$valid_days"
+        echo "${fieldname}.extinfo Last checked: $(date)"
     done
 }
 
@@ -139,19 +144,16 @@ case ${1:-} in
 	exit 0
 	;;
     cron)
-	TMP=$(mktemp "${CACHEFILE}.XXXXXXXX")
-	trap 'rm -f "${TMP}"' EXIT
-	main > "${TMP}"
-	chmod 0644 "${TMP}"
-	mv "${TMP}" "${CACHEFILE}"
+	UPDATE="$(main)"
+	echo "${UPDATE}" > "${CACHEFILE}"
+	chmod 0644 "${CACHEFILE}"
 
 	exit 0
 	;;
 esac
 
-if [ -e "${CACHEFILE}" ]; then
+if [ -n "$(find "${CACHEFILE}" -mmin -60 2>/dev/null)" ]; then
 	cat "${CACHEFILE}"
-	rm "${CACHEFILE}"
 	exit 0
 fi