diff -up docker-2a2f26c1979cdaed884c765ea3dd203543e7e284/docs/sources/articles/certificates.md.404 docker-2a2f26c1979cdaed884c765ea3dd203543e7e284/docs/sources/articles/certificates.md
--- docker-2a2f26c1979cdaed884c765ea3dd203543e7e284/docs/sources/articles/certificates.md.404	2014-09-22 10:40:10.000000000 -0400
+++ docker-2a2f26c1979cdaed884c765ea3dd203543e7e284/docs/sources/articles/certificates.md	2014-10-20 13:23:56.827130505 -0400
@@ -31,7 +31,7 @@ repository.
 
 > **Note:**
 > If there are multiple certificates, each will be tried in alphabetical
-> order. If there is an authentication error (e.g., 403, 5xx, etc.), Docker
+> order. If there is an authentication error (e.g., 403, 404, 5xx, etc.), Docker
 > will continue to try with the next certificate.
 
 Our example is set up like this:
diff -up docker-2a2f26c1979cdaed884c765ea3dd203543e7e284/registry/registry.go.404 docker-2a2f26c1979cdaed884c765ea3dd203543e7e284/registry/registry.go
--- docker-2a2f26c1979cdaed884c765ea3dd203543e7e284/registry/registry.go.404	2014-10-20 13:23:56.828130500 -0400
+++ docker-2a2f26c1979cdaed884c765ea3dd203543e7e284/registry/registry.go	2014-10-20 13:26:00.736574647 -0400
@@ -168,14 +168,11 @@ func doRequest(req *http.Request, jar ht
 		for i, cert := range certs {
 			client := newClient(jar, pool, cert, timeout)
 			res, err := client.Do(req)
-			if i == len(certs)-1 {
-				// If this is the last cert, always return the result
+			if i == len(certs)-1 || err == nil &&
+				res.StatusCode != 403 &&
+				res.StatusCode != 404 &&
+				res.StatusCode < 500 {
 				return res, client, err
-			} else {
-				// Otherwise, continue to next cert if 403 or 5xx
-				if err == nil && res.StatusCode != 403 && !(res.StatusCode >= 500 && res.StatusCode < 600) {
-					return res, client, err
-				}
 			}
 		}
 	}