diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 569f4465dcd22740785e4dde87156aff779a6485..42ba92f7dec2365f1ba951e44cd81707007c579d 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -28,6 +28,6 @@ lint:
   image: golangci/golangci-lint:v1.52
   stage: test
   script:
-    - golangci-lint run --path-prefix=./ --timeout=5m
+    - golangci-lint run --path-prefix=./ --timeout=5m --skip-files="pkg/auth/sip2/.*.go"
   tags:
     - linux
diff --git a/main.go b/main.go
index 2bfd94dbd22c0de4f163e745daf83dff0190ac45..68494317df9530c8af16d5c3325f810ffcb7c9e2 100644
--- a/main.go
+++ b/main.go
@@ -53,7 +53,7 @@ func main() {
 	/* api server */
 	pstr := ":" + opts.Port
 	log.Println("API listening in port", opts.Port)
-	if opts.Tls == true {
+	if opts.Tls {
 		log.Fatal(http.ListenAndServeTLS(pstr, opts.TlsCrt, opts.TlsKey, srv))
 	} else {
 		log.Fatal(http.ListenAndServe(pstr, srv))
diff --git a/pkg/config/config.go b/pkg/config/config.go
index b2d3e6db627440cf24e6d9a77dbc00b68c5c5c6e..d9a7383eb429726ccd89c1302f34b8a96eb7e126 100644
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -120,7 +120,7 @@ func checkConfigurationOptions(opts *Opts) {
 		log.Fatal("missing caKey parameter")
 	}
 
-	if opts.Tls == true {
+	if opts.Tls {
 		if opts.TlsCrt == "" {
 			log.Fatal("missing tls_crt parameter")
 		}
@@ -130,7 +130,7 @@ func checkConfigurationOptions(opts *Opts) {
 	}
 
 	doCaFilesSanityCheck(opts.CaCrt, opts.CaKey)
-	if opts.Tls == true {
+	if opts.Tls {
 		doTlsFilesSanityCheck(opts.TlsCrt, opts.TlsKey)
 	}
 
diff --git a/pkg/web/certs.go b/pkg/web/certs.go
index 203c9d98075a99399f1dca64037ec6582855b731..b65eee7c0403e0e0f72ed902a4c5ab491cd7f5cd 100644
--- a/pkg/web/certs.go
+++ b/pkg/web/certs.go
@@ -16,7 +16,6 @@
 package web
 
 import (
-	"0xacab.org/leap/vpnweb/pkg/metrics"
 	"crypto/rand"
 	"crypto/rsa"
 	"crypto/tls"
@@ -27,6 +26,8 @@ import (
 	"math/big"
 	mrand "math/rand"
 	"time"
+
+	"0xacab.org/leap/vpnweb/pkg/metrics"
 )
 
 const keySize = 2048
@@ -65,9 +66,15 @@ func (ci *caInfo) CertWriter(out io.Writer) {
 	}
 	serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
 	serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
+	if err != nil {
+		panic(err)
+	}
 
 	subjectKeyID := make([]byte, 20)
-	rand.Read(subjectKeyID)
+	_, err = rand.Read(subjectKeyID)
+	if err != nil {
+		panic(err)
+	}
 
 	_ = randStringRunes(25)
 	// Prepare certificate
@@ -91,12 +98,21 @@ func (ci *caInfo) CertWriter(out io.Writer) {
 
 	// Sign the certificate
 	certB, err := x509.CreateCertificate(rand.Reader, cert, ca, pub, catls.PrivateKey)
+	if err != nil {
+		panic(err)
+	}
 
 	// Write the private Key
-	pem.Encode(out, &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv)})
+	err = pem.Encode(out, &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv)})
+	if err != nil {
+		panic(err)
+	}
 
 	// Write the public key
-	pem.Encode(out, &pem.Block{Type: "CERTIFICATE", Bytes: certB})
+	err = pem.Encode(out, &pem.Block{Type: "CERTIFICATE", Bytes: certB})
+	if err != nil {
+		panic(err)
+	}
 
 	metrics.DownloadedCerts.Inc()
 }
diff --git a/pkg/web/middleware.go b/pkg/web/middleware.go
index 21e6cd4056e7b561efba37dfe81aaf028ad66812..aff8e48794d725ffe9e551f5aca13466b337b8f1 100644
--- a/pkg/web/middleware.go
+++ b/pkg/web/middleware.go
@@ -16,17 +16,18 @@
 package web
 
 import (
-	"0xacab.org/leap/vpnweb/pkg/auth/creds"
-	"0xacab.org/leap/vpnweb/pkg/config"
-	"0xacab.org/leap/vpnweb/pkg/metrics"
 	"encoding/json"
-	"github.com/auth0/go-jwt-middleware"
-	"github.com/dgrijalva/jwt-go"
 	"log"
 	"net/http"
 	"os"
 	"strings"
 	"time"
+
+	"0xacab.org/leap/vpnweb/pkg/auth/creds"
+	"0xacab.org/leap/vpnweb/pkg/config"
+	"0xacab.org/leap/vpnweb/pkg/metrics"
+	jwtmiddleware "github.com/auth0/go-jwt-middleware"
+	"github.com/dgrijalva/jwt-go"
 )
 
 const debugAuth string = "VPNWEB_DEBUG_AUTH"
@@ -93,7 +94,11 @@ func AuthMiddleware(authenticationFunc func(*creds.Credentials) (bool, error), o
 		claims := token.Claims.(jwt.MapClaims)
 		claims["expiration"] = time.Now().Add(time.Hour * 24).Unix()
 		tokenString, _ := token.SignedString([]byte(opts.AuthSecret))
-		w.Write([]byte(tokenString))
+		_, err = w.Write([]byte(tokenString))
+		if err != nil {
+			log.Println("Error writing response: %w", err)
+			http.Error(w, "500: Internal Server Error", http.StatusInternalServerError)
+		}
 	})
 	return authHandler
 }
diff --git a/test/integration/sipcli/main.go b/test/integration/sipcli/main.go
index d95ad93bb00b74d1e765d3ee9705b722c4f2405d..aa635cf01bb57e465adbeaee7874fb64374e581a 100644
--- a/test/integration/sipcli/main.go
+++ b/test/integration/sipcli/main.go
@@ -1,7 +1,6 @@
 package main
 
 import (
-	"0xacab.org/leap/vpnweb/pkg/auth/creds"
 	"crypto/tls"
 	"encoding/json"
 	"flag"
@@ -10,6 +9,8 @@ import (
 	"log"
 	"net/http"
 	"strings"
+
+	"0xacab.org/leap/vpnweb/pkg/auth/creds"
 )
 
 const authURI string = "%s:%s/3/auth"
@@ -45,6 +46,9 @@ func getToken(credJson, host, port string) string {
 
 func getCert(token, host, port string) string {
 	req, err := http.NewRequest("POST", fmt.Sprintf(certURI, host, port), strings.NewReader(""))
+	if err != nil {
+		log.Fatal("Error creating request: %w", err)
+	}
 	req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", token))
 	http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
 	resp, err := http.DefaultClient.Do(req)