diff --git a/src/Vervis/Foundation.hs b/src/Vervis/Foundation.hs
index 290b655..7b30f25 100644
--- a/src/Vervis/Foundation.hs
+++ b/src/Vervis/Foundation.hs
@@ -879,7 +879,8 @@ instance YesodHttpSig App where
                         )
                 Nothing -> fetched2vkd luKey <$> fetchUnknownKey manager sigAlgo host mluActorHeader luKey
         let verify' k = verify k input signature
-            errSig = throwE "Ed25519 sig verification says not valid"
+            errSig1 = throwE "Fetched fresh key; Ed25519 sig verification says not valid"
+            errSig2 = throwE "Used key from DB; Ed25519 sig verification says not valid; fetched fresh key; still not valid"
             errTime = throwE "Key expired"
         now <- liftIO getCurrentTime
         let stillValid Nothing        = True
@@ -892,7 +893,7 @@ instance YesodHttpSig App where
             else case inboxOrVkid of
                 Left _uinb ->
                     if stillValid $ vkdExpires vkd
-                        then errSig
+                        then errSig1
                         else errTime
                 Right (iid, vkid) -> do
                     let ua = vkdActorId vkd
@@ -909,7 +910,7 @@ instance YesodHttpSig App where
                                 { vkdKey     = newKey
                                 , vkdExpires = newExp
                                 }
-                        else errSig
+                        else errSig2
 
         return $ l2f host $ vkdActorId vkd
         where