diff --git a/util/cert.py b/util/cert.py
index 63b65fc..8d3092f 100644
--- a/util/cert.py
+++ b/util/cert.py
@@ -12,7 +12,6 @@
 from Crypto.Hash import SHA256
 
 from util.group import get_user_permissions
-from utils import validate_object_id
 
 
 class Auth:
@@ -91,12 +90,15 @@ async def validate_by_cert(id: str, cert: str, type: Optional[str] = "long"):
     # in a minute
     if time < datetime.datetime.now().timestamp() - 60:
         raise HTTPException(status_code=401, detail="Token expired")
-    user = await db.zvms.users.find_one({"_id": validate_object_id(id)})
-    if checkpw(
-        bytes(auth_field["password"], "utf-8"), bytes(user["password"], "utf-8")
-    ):
-        return jwt_encode(id, await get_user_permissions(user), type=type)
-    raise HTTPException(status_code=401, detail="Password incorrect")
+    try:
+        user = await db.zvms.users.find_one({"_id": ObjectId(id)})
+        if checkpw(
+            bytes(auth_field["password"], "utf-8"), bytes(user["password"], "utf-8")
+        ):
+            return jwt_encode(id, await get_user_permissions(user), type=type)
+        raise HTTPException(status_code=401, detail="Password incorrect")
+    except:
+        raise HTTPException(status_code=404, detail="User not found")
 
 async def get_hashed_password_by_cert(cert: str):
     auth_field = json.loads(rsa_decrypt(cert))