diff --git a/docs/sources/articles/certificates.md b/docs/sources/articles/certificates.md
index 90d3f1b3561971763b2c4f96261ccb7c598d7c4b..e031676402f0d3948e63fb4af2eab874293184d4 100644
--- a/docs/sources/articles/certificates.md
+++ b/docs/sources/articles/certificates.md
@@ -31,7 +31,7 @@ repository.
 
 > **Note:**
 > If there are multiple certificates, each will be tried in alphabetical
-> order. If there is an authentication error (e.g., 403, 5xx, etc.), Docker
+> order. If there is an authentication error (e.g., 403, 404, 5xx, etc.), Docker
 > will continue to try with the next certificate.
 
 Our example is set up like this:
diff --git a/registry/registry.go b/registry/registry.go
index 0c648a94b2ec063147512f4e39378f36dbf93aeb..d1315ed4b633a3888df44317b264f2375f914db4 100644
--- a/registry/registry.go
+++ b/registry/registry.go
@@ -147,7 +147,10 @@ func doRequest(req *http.Request, jar http.CookieJar, timeout TimeoutType) (*htt
 		client := newClient(jar, pool, cert, timeout)
 		res, err := client.Do(req)
 		// If this is the last cert, otherwise, continue to next cert if 403 or 5xx
-		if i == len(certs)-1 || err == nil && res.StatusCode != 403 && res.StatusCode < 500 {
+		if i == len(certs)-1 || err == nil &&
+			res.StatusCode != 403 &&
+			res.StatusCode != 404 &&
+			res.StatusCode < 500 {
 			return res, client, err
 		}
 	}