VERSION      |  2 +-
 install.texi |  2 +-
 refresh.go   | 15 +++++++++++++++

diff --git a/VERSION b/VERSION
index c69ddbfceb5a29562ae0aa77160af177fea349623c7aa74b10ae7ca1d3155e48..65a6b2857a1efe51988d7f35abc1ba3576b6f3346604825551c23f922fbc2a41 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-2.2.0
+2.3.0
diff --git a/install.texi b/install.texi
index fdd8c4b821ced9a4a7e3c82e97979ce2d5c45150241991d68c31caa500b617b4..6cfb9d14df7695f862b111c6b964eb66aff6f663db3c5738f91fe92f819870fc 100644
--- a/install.texi
+++ b/install.texi
@@ -1,7 +1,7 @@
 @node Install
 @unnumbered Install
 
-@set VERSION 2.2.0
+@set VERSION 2.3.0
 
 Preferable way is to download tarball with the signature from
 website and, for example, run tests with benchmarks:
diff --git a/refresh.go b/refresh.go
index 755638e1de5c30e5636ec2605405f6c6d482e97c4827a21e779d523bf743238b..4bbab4d5eb6961a572a0821cf45875eed839fc5334e92d4fb2af35337bde92ae 100644
--- a/refresh.go
+++ b/refresh.go
@@ -60,6 +60,12 @@ 		log.Println("error", r.RemoteAddr, "refresh", pkgName, err)
 		http.Error(w, err.Error(), http.StatusBadGateway)
 		return false
 	}
+	if resp.StatusCode != http.StatusOK {
+		resp.Body.Close()
+		log.Println("error", r.RemoteAddr, "refresh", pkgName, "HTTP status:", resp.Status)
+		http.Error(w, "PyPI has non 200 status code", http.StatusBadGateway)
+		return false
+	}
 	body, err := ioutil.ReadAll(resp.Body)
 	resp.Body.Close()
 	if err != nil {
@@ -154,6 +160,15 @@ 				http.Error(w, err.Error(), http.StatusBadGateway)
 				return false
 			}
 			defer resp.Body.Close()
+			if resp.StatusCode != http.StatusOK {
+				log.Println(
+					"error", r.RemoteAddr,
+					"pypi", filename, "download",
+					"HTTP status:", resp.Status,
+				)
+				http.Error(w, "PyPI has non 200 status code", http.StatusBadGateway)
+				return false
+			}
 			hasher := hasherNew()
 			hasherSHA256 := sha256.New()
 			dst, err := TempFile(dirPath)