diff --git a/hack/.shellcheck_failures b/hack/.shellcheck_failures
index 1e1b0914d16..fb2d2ab948b 100644
--- a/hack/.shellcheck_failures
+++ b/hack/.shellcheck_failures
@@ -121,7 +121,6 @@
 ./hack/verify-typecheck.sh
 ./pkg/kubectl/cmd/edit/testdata/record_testcase.sh
 ./pkg/util/verify-util-pkg.sh
-./plugin/pkg/admission/imagepolicy/gencerts.sh
 ./test/cmd/apply.sh
 ./test/cmd/apps.sh
 ./test/cmd/authorization.sh
diff --git a/plugin/pkg/admission/imagepolicy/gencerts.sh b/plugin/pkg/admission/imagepolicy/gencerts.sh
index 30304922d86..267aceffa7c 100755
--- a/plugin/pkg/admission/imagepolicy/gencerts.sh
+++ b/plugin/pkg/admission/imagepolicy/gencerts.sh
@@ -83,12 +83,12 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
+// This file was generated using openssl by the gencerts.sh script
+// and holds raw certificates for the imagepolicy webhook tests.
+
+package imagepolic
 EOF
 
-echo "// This file was generated using openssl by the gencerts.sh script" >> $outfile
-echo "// and holds raw certificates for the imagepolicy webhook tests." >> $outfile
-echo "" >> $outfile
-echo "package imagepolicy" >> $outfile
 for file in caKey caCert badCAKey badCACert serverKey serverCert clientKey clientCert; do
 	data=$(cat ${file}.pem)
 	echo "" >> $outfile
@@ -96,7 +96,7 @@ for file in caKey caCert badCAKey badCACert serverKey serverCert clientKey clien
 done
 
 # Clean up after we're done.
-rm *.pem
-rm *.csr
-rm *.srl
-rm *.conf
+rm ./*.pem
+rm ./*.csr
+rm ./*.srl
+rm ./*.conf