diff --git a/.changelog/25040.txt b/.changelog/25040.txt
new file mode 100644
index 000000000..fe67f98f9
--- /dev/null
+++ b/.changelog/25040.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+vault: Fixed a bug where successful renewal was logged as an error
+```
diff --git a/client/vaultclient/vaultclient.go b/client/vaultclient/vaultclient.go
index 4f86a3a01..f83bf13c2 100644
--- a/client/vaultclient/vaultclient.go
+++ b/client/vaultclient/vaultclient.go
@@ -451,11 +451,11 @@ func (c *vaultClient) renew(req *vaultClientRenewalRequest) error {
 			strings.Contains(errMsg, "permission denied") ||
 			strings.Contains(errMsg, "token not found") {
 			fatal = true
+		} else {
+			c.logger.Debug("renewal error details", "req.increment", req.increment, "lease_duration", leaseDuration, "renewal_duration", renewalDuration)
+			c.logger.Error("error during renewal of lease or token failed due to a non-fatal error; retrying",
+				"error", renewalErr, "period", next)
 		}
-	} else {
-		c.logger.Debug("renewal error details", "req.increment", req.increment, "lease_duration", leaseDuration, "renewal_duration", renewalDuration)
-		c.logger.Error("error during renewal of lease or token failed due to a non-fatal error; retrying",
-			"error", renewalErr, "period", next)
 	}
 
 	if c.isTracked(req.id) {