diff --git a/roles/git_auto_update/tasks/main.yml b/roles/git_auto_update/tasks/main.yml
index 5465674..1b2184b 100644
--- a/roles/git_auto_update/tasks/main.yml
+++ b/roles/git_auto_update/tasks/main.yml
@@ -20,6 +20,8 @@
   command: "{{ update_script_path }}"
   args:
     creates: "{{ dest }}/.git"
+  register: update_result
+  failed_when: update_result.rc not in [0, 2]
 
 - name: Enable auto update of {{ repo_name }}
   cron:
diff --git a/roles/git_auto_update/templates/update.sh b/roles/git_auto_update/templates/update.sh
index 8dac868..29f2a0d 100644
--- a/roles/git_auto_update/templates/update.sh
+++ b/roles/git_auto_update/templates/update.sh
@@ -22,7 +22,10 @@ TAG=$(git tag --list | grep "^$PREFIX" | sort -r | head -n 1);
 if git verify-tag --raw "$TAG" 2>&1 | grep " VALIDSIG $GPG_FINGERPRINT " > /dev/null; then
   git checkout -q "$TAG";
   chown -R "$DEST_USER:$DEST_GROUP" .;
-  {{ reload_command | default('') }}
+  if sh -c {{ reload_command | default('') | quote }}; then
+    echo "Failed during reload" >&2;
+    exit 2;
+  fi
 else
   echo "Invalid or missing signature for $TAG" >&2;
   exit 1;