diff --git a/authentik/sources/plex/tasks.py b/authentik/sources/plex/tasks.py
index fa86f29e1..59fc4594e 100644
--- a/authentik/sources/plex/tasks.py
+++ b/authentik/sources/plex/tasks.py
@@ -29,14 +29,15 @@ def check_plex_token(self: MonitoredTask, source_slug: int):
         auth.get_user_info()
         self.set_status(TaskResult(TaskResultStatus.SUCCESSFUL, ["Plex token is valid."]))
     except RequestException as exc:
+        error = exception_to_string(exc).replace(source.plex_token, "$PLEX_TOKEN")
         self.set_status(
             TaskResult(
                 TaskResultStatus.ERROR,
-                ["Plex token is invalid/an error occurred:", exception_to_string(exc)],
+                ["Plex token is invalid/an error occurred:", error],
             )
         )
         Event.new(
             EventAction.CONFIGURATION_ERROR,
-            message=f"Plex token invalid, please re-authenticate source.\n{str(exc)}",
+            message=f"Plex token invalid, please re-authenticate source.\n{error}",
             source=source,
         ).save()
diff --git a/website/docs/core/certificates.md b/website/docs/core/certificates.md
index 41b828d6b..c8c87024c 100644
--- a/website/docs/core/certificates.md
+++ b/website/docs/core/certificates.md
@@ -18,7 +18,7 @@ This certificate is generated to be used as a default for all OAuth2/OIDC provid
 
 This certificate can also be used for SAML Providers/Sources, just keep in mind that the certificate is only valid for a year. Some SAML applications require the certificate to be valid, so they might need to be rotated regularly.
 
-For SAML use-cases, you can generate a Certificate thats valid for longer than 1 year, on your own risk.
+For SAML use-cases, you can generate a Certificate that's valid for longer than 1 year, on your own risk.
 
 ## External certificates