diff --git a/README-fedora.md b/README-fedora.md
index ecfc538..775e524 100644
--- a/README-fedora.md
+++ b/README-fedora.md
@@ -122,6 +122,12 @@ upstream - they need an option to use a simple execvpe instead of using the shell. Then it would at least be possible to carefully handle [malicious names](https://www.xkcd.com/327/).
+## Logging and Error Reporting
+
+On EL6, cron will email the acme user when certs are signed or errors
+are encountered. Under systemd, errors and certs signed are logged
+with the acme-tiny syslog identifier.
+
 ## Virtual Hosts
 Most web servers can handle multiple logical web hosts - configuring that is
diff --git a/acme-tiny-chain.patch b/acme-tiny-chain.patch
index 6669364..20f53f8 100644
--- a/acme-tiny-chain.patch
+++ b/acme-tiny-chain.patch
@@ -1,9 +1,9 @@
 diff -up ./acme_tiny.py.chain ./acme_tiny.py
---- ./acme_tiny.py.chain 2016-08-01 15:53:22.000000000 -0400
-+++ ./acme_tiny.py 2016-08-22 19:20:51.208523709 -0400
+--- ./acme_tiny.py.chain 2017-05-16 03:57:46.000000000 -0400
++++ ./acme_tiny.py 2017-11-22 12:18:56.963653336 -0500
 @@ -1,4 +1,4 @@
 -#!/usr/bin/env python
-+#!/usr/bin/python
++#!/usr/bin/python3
  import argparse, subprocess, json, os, sys, base64, binascii, time, hashlib, re, copy, textwrap, logging
  try:
      from urllib.request import urlopen # Python 3
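Review bot: The new shebang `#!/usr/bin/python3` is inconsistent with the EL6 dependency added in the acme-tiny.spec hunk below (`Requires: python-argparse`, which only matters for Python 2.6): the EL6 base distribution has no /usr/bin/python3, so the installed script would not start there, and rpm's automatic dependency generator typically also turns the interpreter line of an installed executable into a `/usr/bin/python3` requirement. Unless %prep already rewrites the interpreter line for EL6 (not visible in this diff), either keep `#!/usr/bin/python` for `0%{?rhel} < 7` with a sed in %prep, or drop the python-argparse dependency if EL6 is no longer a target. The import/`try` block of acme_tiny.py continues outside the hunk.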
@@ -28,15 +28,18 @@ diff -up ./acme_tiny.py.chain ./acme_tiny.py
      # find domains
      log.info("Parsing CSR...")
-@@ -80,7 +80,7 @@ def get_crt(account_key, csr, acme_dir,
+@@ -80,9 +80,9 @@ def get_crt(account_key, csr, acme_dir,
      # get the certificate domains and expiration
      log.info("Registering account...")
 -    code, result = _send_signed_request(CA + "/acme/new-reg", {
 +    code, result, headers = _send_signed_request(CA + "/acme/new-reg", {
          "resource": "new-reg",
-         "agreement": "https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf",
+-        "agreement": "https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf",
++        "agreement": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
      })
+     if code == 201:
+         log.info("Registered!")
 @@ -96,7 +96,7 @@ def get_crt(account_key, csr, acme_dir,
      log.info("Verifying {0}...".format(domain))
diff --git a/acme-tiny-sign.sh b/acme-tiny-sign.sh
index c3005b3..93eda8a 100644
--- a/acme-tiny-sign.sh
+++ b/acme-tiny-sign.sh
@@ -15,6 +15,7 @@ if ! test -s private/account.key; then
     openssl genrsa 4096 >private/account.key
 fi
+rc="0"
 for csr in csr/*.csr; do
     test -s "$csr" || continue
     test -r "$csr" || continue
@@ -24,16 +25,22 @@ for csr in csr/*.csr; do
     if test -s "$crt" && /usr/sbin/cert-check --days="$DAYS" "$crt"; then
         continue
     fi
-    test -w "$crt" || test ! -e "$crt" || continue
-    echo acme_tiny --account-key private/account.key --csr "$csr" \
+    if test -w "$crt" || test ! -e "$crt"; then
+        echo acme_tiny --account-key private/account.key --csr "$csr" \
         --acme-dir /var/www/challenges/ --chain --out "$crt"
+    else
+        echo "Can't write to $crt"
+        rc="1"
+        continue
+    fi
     if /usr/sbin/acme_tiny --account-key private/account.key --csr "$csr" \
         --acme-dir /var/www/challenges/ --chain > "$tmp"; then
-        mv "$tmp" "$crt"
+        mv "$tmp" "$crt" || exit 1
     else
         test -e "$tmp" && test ! -s "$tmp" && rm "$tmp"
     fi
     # append intermediate certs
     #cat *.pem >>"$crt"
 done
+exit "$rc"
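Review bot: The patch still hard-codes the subscriber agreement URL (`LE-SA-v1.2-November-15-2017.pdf`), so the next time Let's Encrypt revises its terms the `new-reg` call will fail again exactly as in BZ#1515781 and another package release will be needed. The ACME v1 directory publishes the current URL under `meta.terms-of-service`; reading it at registration time, `"agreement": json.loads(urlopen(CA + "/directory").read().decode('utf8'))['meta']['terms-of-service'],`, removes that breakage, at the cost that the account implicitly accepts whatever terms the CA currently publishes — the choice deserves a comment on the line either way. The inner `get_crt` body continues outside the hunk.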
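Review bot: `mv "$tmp" "$crt" || exit 1` aborts the whole run from inside the loop, so the remaining CSRs are never processed, the new `exit "$rc"` summary is bypassed, and unlike the new unwritable-cert branch nothing is printed, leaving cron or the journal with only a bare non-zero status. The writability test above runs before acme_tiny is invoked, and `test ! -e "$crt"` lets a not-yet-existing cert in an unwritable directory through, so this is a path that can actually be hit. Reporting it the same way as the other failures keeps the signed cert in `$tmp` for manual recovery and carries on with the next CSR: `mv "$tmp" "$crt" || { echo "Can't move $tmp to $crt"; rc="1"; }`. The enclosing `for` loop opens outside this hunk.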
diff --git a/acme-tiny.spec b/acme-tiny.spec
index e8245a6..231e55f 100644
--- a/acme-tiny.spec
+++ b/acme-tiny.spec
@@ -18,7 +18,7 @@ Name: acme-tiny
 Version: 0.2
-Release: 2.%{checkout}%{?dist}
+Release: 3.%{checkout}%{?dist}
 Summary: Tiny auditable script to issue, renew Let's Encrypt certificates
 Group: Applications/Internet
@@ -38,6 +38,10 @@ Patch0: acme-tiny-chain.patch
 Requires: openssl
 Requires(pre): shadow-utils
+%if 0%{?rhel} >= 5 && 0%{?rhel} < 7
+# EL6 uses python2.6, which does not include argparse
+Requires: python-argparse
+%endif
 %if %{use_systemd}
 # systemd macros are not defined unless systemd is present
 BuildRequires: systemd
@@ -135,6 +139,11 @@ exit 0
 /usr/sbin/cert-check
 %changelog
+* Wed Nov 22 2017 Stuart D. Gathman 0.2-3.20170616gitaf025f5
+- BZ#1507333 EL6 missing python-argparse dependency
+- BZ#1515781 Agreement updated.
+- BZ#1409345 Unwritable certs silently skipped
+
 * Wed Jul 26 2017 Fedora Release Engineering - 0.2-2.20170516gitaf025f5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
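Review bot: The condition `%if 0%{?rhel} >= 5 && 0%{?rhel} < 7` also matches EL5, although the comment below it only talks about EL6 and Python 2.6; EL5 ships Python 2.4, which lacks far more than argparse (the script imports `json`, visible in the acme-tiny-chain.patch hunk), so the extra dependency would not make the package work there. If EL5 is not a target, `%if 0%{?rhel} == 6` states the intent exactly; if it is, the comment should say so and the missing modules need their own handling. The surrounding `%if %{use_systemd}` block continues outside the hunk.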