diff --git a/src/lib/charm/vault_pki.py b/src/lib/charm/vault_pki.py
index 2c8a8b5..6d2be12 100644
--- a/src/lib/charm/vault_pki.py
+++ b/src/lib/charm/vault_pki.py
@@ -71,7 +71,12 @@ def is_ca_ready(client, name, role):
     :returns: Whether CA is ready
     :rtype: bool
     """
-    return client.secrets.pki.read_role(role, mount_point=name) is not None
+    try:
+        # read_role raises InvalidPath is the role is not available
+        client.secrets.pki.read_role(role, mount_point=name)
+        return True
+    except hvac.exceptions.InvalidPath:
+        return False
 
 
 def get_chain(name=None):
diff --git a/unit_tests/test_lib_charm_vault_pki.py b/unit_tests/test_lib_charm_vault_pki.py
index 7fbea58..5a3186f 100644
--- a/unit_tests/test_lib_charm_vault_pki.py
+++ b/unit_tests/test_lib_charm_vault_pki.py
@@ -61,8 +61,8 @@ class TestLibCharmVaultPKI(unit_tests.test_utils.CharmTestCase):
         client_mock = mock.MagicMock()
 
         def read_role(role, mount_point=None):
-            if role == "role":
-                return "role info"
+            if role != "role":
+                raise hvac.exceptions.InvalidPath()
 
         client_mock.secrets.pki.read_role.side_effect = read_role
         self.assertTrue(vault_pki.is_ca_ready(client_mock, 'mp', 'role'))
diff --git a/unit_tests/test_reactive_vault_handlers.py b/unit_tests/test_reactive_vault_handlers.py
index f25cea1..5a7fa1d 100644
--- a/unit_tests/test_reactive_vault_handlers.py
+++ b/unit_tests/test_reactive_vault_handlers.py
@@ -59,6 +59,7 @@ class TestHandlers(unit_tests.test_utils.CharmTestCase):
             'log',
             'network_get_primary_address',
             'open_port',
+            'service_reload',
             'service_restart',
             'service_running',
             'service',