diff --git a/aiven/client/cli.py b/aiven/client/cli.py
index bfa49f36..7c7a9791 100644
--- a/aiven/client/cli.py
+++ b/aiven/client/cli.py
@@ -2062,40 +2062,43 @@ def service__user_creds_download(self) -> None:
 
         missing_user_items = []
         service = self.client.get_service(project=self.get_project(), service=self.args.service_name)
-        for user in service["users"]:
-            if user["username"] == self.args.username:
-                cert = user.get("access_cert")
-                if cert is None:
-                    missing_user_items.append("certificate")
-                else:
-                    with open(os.path.join(self.args.target_directory, "service.cert"), "w", encoding="utf-8") as fp:
-                        fp.write(cert)
-                    downloaded_items.append("certificate")
-
-                key = user.get("access_key")
-                if key is None:
-                    missing_user_items.append("key")
-                else:
-                    with open(os.path.join(self.args.target_directory, "service.key"), "w", encoding="utf-8") as fp:
-                        fp.write(key)
-                    downloaded_items.append("key")
+        matched_service_users = [s_user for s_user in service["users"] if s_user["username"] == self.args.username]
+
+        if not matched_service_users:
+            error_messages.append(
+                "The value passed as argument --username does not match any service user,\n"
+                + "therefore the service certificate key pair cannot be obtained.\n\n"
+                + "To get the service users and their passwords, type:\n"
+                + "   avn service user-list --format '{{username}} {{password}}' --project {} {}".format(
+                    project_name, self.args.service_name
+                )
+            )
 
-                break
+        else:
+            user = matched_service_users[0]
+            cert = user.get("access_cert")
+            if cert is None:
+                missing_user_items.append("certificate")
+            else:
+                with open(os.path.join(self.args.target_directory, "service.cert"), "w", encoding="utf-8") as fp:
+                    fp.write(cert)
+                downloaded_items.append("certificate")
 
-        if downloaded_items:
-            print("Downloaded to directory '{}': {}".format(self.args.target_directory, ", ".join(downloaded_items)))
-            print()
+            key = user.get("access_key")
+            if key is None:
+                missing_user_items.append("key")
+            else:
+                with open(os.path.join(self.args.target_directory, "service.key"), "w", encoding="utf-8") as fp:
+                    fp.write(key)
+                downloaded_items.append("key")
 
-        print("To get the user passwords type:")
-        print(
-            "avn service user-list --format '{{username}} {{password}}' --project {} {}".format(
-                project_name, self.args.service_name
-            )
-        )
+            if downloaded_items:
+                print("Downloaded to directory '{}': {}".format(self.args.target_directory, ", ".join(downloaded_items)))
+                print()
 
-        if missing_user_items:
-            missing_items_str = " and ".join(missing_user_items)
-            error_messages.append("The user '{}' does not have {}".format(self.args.username, missing_items_str))
+            if missing_user_items:
+                missing_items_str = " and ".join(missing_user_items)
+                error_messages.append("The user '{}' does not have {}".format(self.args.username, missing_items_str))
 
         if error_messages:
             print()