diff --git a/certman.sh b/certman.sh
index 17131bb..0798e43 100755
--- a/certman.sh
+++ b/certman.sh
@@ -71,13 +71,8 @@ check_requirements() {
     done
 }
 
-validate_api_key() {
-    local api_key=$1
-    [[ $api_key =~ ^[A-Za-z0-9_-]{32,}$ ]]
-}
-
 setup_directories() {
-    local dirs=("$CERT_PATH" "$KEY_PATH" "$TEMP_PATH")
+    local dirs=("$CERT_PATH" "$KEY_PATH")
     for dir in "${dirs[@]}"; do
         if ! mkdir -p "$dir"; then
             echo -e "${RED}Error: Failed to create directory: $dir${NC}"
@@ -111,17 +106,23 @@ download_and_verify_cert() {
     fi
 
     # Download fullchain PEM file
+    if [ "$FULLCHAIN_PEM" = "true" ]; then
     if ! curl -s -fL -o "$temp_pem" -H "X-API-Key: $cert_api_key.$key_api_key" \
         "https://$CERTWARDEN_SERVER/certwarden/api/v1/download/privatecertchains/$domain"; then
         echo -e "${RED}Failed to download fullchain PEM file for $domain${NC}"
         return 1
     fi
+    fi
 
     # Verify files are not empty
-    if [ ! -s "$temp_cert" ] || [ ! -s "$temp_key" ] || [ ! -s "$temp_pem" ]; then
+    if [ ! -s "$temp_cert" ] || [ ! -s "$temp_key" ]; then
         echo -e "${RED}Downloaded files are empty for $domain${NC}"
         return 1
     fi
+    if [ "$FULLCHAIN_PEM" = "true" ] && [ ! -s "$temp_pem" ]; then
+        echo -e "${RED}Downloaded PEM file is empty for $domain${NC}"
+        return 1
+    fi
 
     # Validate certificate and key match
     local cert_fingerprint
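Review bot: Removing validate_api_key leaves no visible check on $cert_api_key and $key_api_key before they are placed in the X-API-Key header in download_and_verify_cert (context in the next hunk); if the commit adds no replacement elsewhere, an unset or empty key now shows up only as a generic curl failure. A minimal guard at the point of use keeps a clear diagnostic without reinstating the strict format regex, e.g. `: "${cert_api_key:?cert_api_key is not set}"` and the same for key_api_key. Dropping $TEMP_PATH from setup_directories is fine if the temp files are created with mktemp, but if $temp_cert, $temp_key and $temp_pem still live under $TEMP_PATH that directory is no longer guaranteed to exist; worth confirming against the part of the script not shown here. setup_directories continues past the end of the hunk.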
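Review bot: The new `if [ "$FULLCHAIN_PEM" = "true" ]; then` wrapper around the curl download leaves the inner `if ! curl … fi` at its old indentation, so the block reads as two sibling ifs with a stray fi; re-indent the five wrapped lines one level. The same `[ "$FULLCHAIN_PEM" = "true" ]` test is now repeated here and in the next two hunks; a small helper, `fullchain_enabled() { [[ "$FULLCHAIN_PEM" == "true" ]]; }`, would keep the call sites consistent. The path name privatecertchains suggests the PEM written to $temp_pem bundles the private key; curl -o creates it with the process umask, so unless the script already sets `umask 077` (not visible here) the file may be group- or world-readable until it is moved into place. download_and_verify_cert starts and ends outside this hunk.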
@@ -131,19 +132,21 @@ download_and_verify_cert() {
     local key_fingerprint
     key_fingerprint=$(openssl pkey -in "$temp_key" -pubout -outform DER 2>/dev/null | openssl dgst -sha256)
-    local pem_fingerprint
-    pem_fingerprint=$(openssl x509 -in "$temp_pem" -noout -pubkey |
-        openssl pkey -pubin -outform DER 2>/dev/null |
-        openssl dgst -sha256)
 
     if [ "$cert_fingerprint" != "$key_fingerprint" ]; then
         echo -e "${RED}Certificate and key do not match for $domain${NC}"
         return 1
     fi
 
-    if [[ "$cert_fingerprint" != "$pem_fingerprint" ]]; then
-        echo -e "${RED}Certificate and PEM file do not match for $domain${NC}"
-        return 1
+    if [ "$FULLCHAIN_PEM" = "true" ]; then
+        local pem_fingerprint
+        pem_fingerprint=$(openssl x509 -in "$temp_pem" -noout -pubkey |
+            openssl pkey -pubin -outform DER 2>/dev/null |
+            openssl dgst -sha256)
+        if [[ "$cert_fingerprint" != "$pem_fingerprint" ]]; then
+            echo -e "${RED}Certificate and PEM file do not match for $domain${NC}"
+            return 1
+        fi
     fi
 
     return 0
@@ -162,15 +165,13 @@ install_certificate() {
     # Check if certificate needs updating
     if [ "$FORCE_UPDATE" = "true" ]; then
         needs_reload=1
-    elif [ "$FULLCHAIN_PEM" = "true" ] && [ -f "$final_pem" ]; then
-        if ! cmp -s "$final_pem" "$temp_pem"; then
-            needs_reload=1
-        fi
-    elif [ -f "$final_cert" ]; then
-        if ! cmp -s "$final_cert" "$temp_cert"; then
-            needs_reload=1
-        fi
-    else
+    elif [ ! -f "$final_cert" ] || [ ! -f "$final_key" ]; then
+        needs_reload=1
+    elif ! cmp -s "$final_cert" "$temp_cert" || ! cmp -s "$final_key" "$temp_key"; then
+        needs_reload=1
+    elif [ "$FULLCHAIN_PEM" = "true" ] && [ -f "$final_pem" ] && ! cmp -s "$final_pem" "$temp_pem"; then
+        needs_reload=1
+    elif [ "$FULLCHAIN_PEM" = "true" ] && [ ! -f "$final_pem" ]; then
         needs_reload=1
     fi
 
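Review bot: The new pem_fingerprint block fails open when the PEM cannot be parsed: if `openssl x509` or `openssl pkey` produces no output, `openssl dgst -sha256` digests empty stdin, and when cert_fingerprint was itself computed from an unreadable $temp_cert both variables hold the same digest-of-nothing and the mismatch check passes (unless the script runs with `set -o pipefail`, which this hunk does not show). The existing cert/key comparison above has the same shape, so this block is a reasonable place to start fixing the pattern. Extract the public key in a separately checked step and return 1 when it is missing, as below; the mixed `[ … ]` / `[[ … ]]` tests in the same function could be unified while touching these lines. download_and_verify_cert continues outside the hunk.
```shell
    if [ "$FULLCHAIN_PEM" = "true" ]; then
        local pem_pubkey pem_fingerprint
        # Fail closed: an unreadable PEM must not fall through to the digest of empty input.
        if ! pem_pubkey=$(openssl x509 -in "$temp_pem" -noout -pubkey 2>/dev/null) || [ -z "$pem_pubkey" ]; then
            echo -e "${RED}Could not read certificate from PEM file for $domain${NC}"
            return 1
        fi
        pem_fingerprint=$(printf '%s\n' "$pem_pubkey" |
            openssl pkey -pubin -outform DER 2>/dev/null |
            openssl dgst -sha256)
        # … unchanged: fingerprint comparison and error message …
    fi
```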
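Review bot: The last two elif branches in the needs_reload chain can be folded into one: `cmp -s` exits non-zero when either file is missing, so `elif [ "$FULLCHAIN_PEM" = "true" ] && ! cmp -s -- "$final_pem" "$temp_pem"; then` covers both the missing and the changed PEM cases, and the separate `[ ! -f "$final_pem" ]` branch can go. A one-line comment above the chain, `# Reinstall when any installed artefact is missing or differs from what was just downloaded`, would spell out the intent now that the cert, key and PEM are all compared. install_certificate starts before and continues after this hunk.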