diff --git a/cmd/spire-server/cli/token/generate.go b/cmd/spire-server/cli/token/generate.go
index b6a825f7af..a38f1b3944 100644
--- a/cmd/spire-server/cli/token/generate.go
+++ b/cmd/spire-server/cli/token/generate.go
@@ -58,12 +58,15 @@ func (g GenerateCLI) Run(args []string) int {
 	}
 	fmt.Printf("Token: %s\n", token)
 
-	if config.SpiffeID != "" {
-		err = g.createVanityRecord(ctx, c, token, config.SpiffeID)
-		if err != nil {
-			fmt.Printf("Error assigning SPIFFE ID: %s\n", err.Error())
-			return 1
-		}
+	if config.SpiffeID == "" {
+		fmt.Printf("Warning: Missing SPIFFE ID.\n")
+		return 0
+	}
+
+	err = g.createVanityRecord(ctx, c, token, config.SpiffeID)
+	if err != nil {
+		fmt.Printf("Error assigning SPIFFE ID: %s\n", err.Error())
+		return 1
 	}
 
 	return 0
diff --git a/pkg/agent/client/client.go b/pkg/agent/client/client.go
index 0bb3cfa01c..bc7b3a798f 100644
--- a/pkg/agent/client/client.go
+++ b/pkg/agent/client/client.go
@@ -105,7 +105,7 @@ func (c *client) FetchUpdates(ctx context.Context, req *node.FetchX509SVIDReques
 	// We weren't able to get a stream...close the client and return the error.
 	if err != nil {
 		c.Release()
-		c.c.Log.Errorf("%v: %v", ErrUnableToGetStream, err)
+		c.c.Log.Errorf("Failure fetching X509 SVID. %v: %v", ErrUnableToGetStream, err)
 		return nil, ErrUnableToGetStream
 	}
 
@@ -167,7 +167,7 @@ func (c *client) FetchJWTSVID(ctx context.Context, jsr *node.JSR) (*JWTSVID, err
 	// We weren't able to make the request...close the client and return the error.
 	if err != nil {
 		c.Release()
-		c.c.Log.Errorf("%v: %v", ErrUnableToGetStream, err)
+		c.c.Log.Errorf("Failure fetching JWT SVID. %v: %v", ErrUnableToGetStream, err)
 		return nil, ErrUnableToGetStream
 	}
 
diff --git a/pkg/server/ca/manager.go b/pkg/server/ca/manager.go
index 3fdf6729e9..6ac5566a88 100644
--- a/pkg/server/ca/manager.go
+++ b/pkg/server/ca/manager.go
@@ -138,7 +138,7 @@ func (m *manager) Run(ctx context.Context) error {
 	if err == context.Canceled {
 		err = nil
 	}
-	return nil
+	return err
 }
 
 func (m *manager) CA() ServerCA {
@@ -413,7 +413,7 @@ func (m *manager) writeKeypairSets() {
 		certificates[m.next.JWTSignerKeyId()] = m.next.jwtSigner
 	}
 	if err := writeCertificates(m.c.CertsPath, certificates); err != nil {
-		m.c.Log.Warnf("unable to write keypair sets: %v", err)
+		m.c.Log.Errorf("unable to write keypair sets: %v", err)
 	}
 }
 
diff --git a/pkg/server/endpoints/node/handler.go b/pkg/server/endpoints/node/handler.go
index c2fcf1b38d..40335db25c 100644
--- a/pkg/server/endpoints/node/handler.go
+++ b/pkg/server/endpoints/node/handler.go
@@ -336,7 +336,7 @@ func (h *Handler) doAttestChallengeResponse(ctx context.Context,
 		response, err := h.attest(ctx, attestStream, request, attestedBefore)
 		if err != nil {
 			h.c.Log.Error(err)
-			return nil, errors.New("Error trying to attest")
+			return nil, fmt.Errorf("Error trying to attest: %v", err)
 		}
 		if response.Challenge == nil {
 			return response, nil