diff --git a/home.admin/_background.scan.sh b/home.admin/_background.scan.sh
index f1c936d5e..17f256d45 100755
--- a/home.admin/_background.scan.sh
+++ b/home.admin/_background.scan.sh
@@ -793,7 +793,7 @@ do
 /home/admin/_cache.sh set ln_cl_${CHAIN}net_running "${ln_cl_running}"
 /home/admin/_cache.sh set ln_cl_${CHAIN}net_ready "${ln_cl_ready}"
 /home/admin/_cache.sh set ln_cl_${CHAIN}net_online "${ln_cl_online}"
- /home/admin/_cache.sh set ln_cl_${CHAIN}net_locked "0"
+ /home/admin/_cache.sh set ln_cl_${CHAIN}net_locked "${ln_cl_locked}"
 /home/admin/_cache.sh set ln_cl_${CHAIN}net_error_short "${ln_cl_error_short}"
 /home/admin/_cache.sh set ln_cl_${CHAIN}net_error_full "${ln_cl_error_full}"
 if [ "${isDefaultLightning}" == "1" ] && [ "${isDefaultChain}" == "1" ]; then
@@ -802,7 +802,7 @@ do
 /home/admin/_cache.sh set ln_default_running "${lc_running}"
 /home/admin/_cache.sh set ln_default_ready "${cl_ready}"
 /home/admin/_cache.sh set ln_default_online "${cl_online}"
- /home/admin/_cache.sh set ln_default_locked "0"
+ /home/admin/_cache.sh set ln_default_locked "${ln_cl_locked}"
 /home/admin/_cache.sh set ln_default_error_short "${cl_error_short}"
 /home/admin/_cache.sh set ln_default_error_full "${cl_error_full}"
 fi
diff --git a/home.admin/config.scripts/cl.hsmtool.sh b/home.admin/config.scripts/cl.hsmtool.sh
index c209d8c2c..f9d9114e7 100644
--- a/home.admin/config.scripts/cl.hsmtool.sh
+++ b/home.admin/config.scripts/cl.hsmtool.sh
@@ -255,6 +255,7 @@ seedwords6x4='${seedwords6x4}'
 exit 0
+
 elif [ "$1" = "unlock" ]; then
 # check if unlocked
 attempt=0
@@ -280,7 +281,7 @@ elif [ "$1" = "unlock" ]; then
 sudo systemctl restart ${netprefix}lightningd
 justUnlocked=1
 else
- echo "# Waiting to unlock wallet (2) ... "
+ echo "# waiting to unlock wallet (2) ... "
 sleep 5
 fi
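Review bot: In _background.scan.sh, `${ln_cl_locked}` is written to `ln_cl_${CHAIN}net_locked` (and to `ln_default_locked` in the second hunk) with no fallback, so an empty or stale value reaches the cache whenever the status call did not set it in this pass. The assignment of `ln_cl_locked` is outside the hunk; if it comes from the output of `cl.monitor.sh … status` inside what appears to be a per-chain loop, a failed call would leave the previous chain's lock state in place. Resetting the variable before the status call, or writing `"${ln_cl_locked:-0}"` here, keeps one network's lock state from being shown for another. In the second hunk the neighbouring context lines read `lc_running`, `cl_ready` and `cl_online` rather than the `ln_cl_*` names used above, which is worth checking while these lines are being touched.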
@@ -314,18 +315,20 @@ elif [ "$1" = "unlock" ]; then
 echo
 exit 1
 fi
- echo "# Waiting to unlock wallet ... "
+ echo "# waiting to unlock wallet ... $((attempt*5))"
 sleep 5
 attempt=$((attempt+1))
 done
 echo "# Ok the ${netprefix}lightningd wallet is unlocked"
 exit 0
+
 elif [ "$1" = "lock" ]; then
 shredPasswordFile
 sudo systemctl restart ${netprefix}lightningd
 exit 0
+
 elif [ "$1" = "encrypt" ]; then
 # check if sudo
@@ -367,9 +370,11 @@ elif [ "$1" = "encrypt" ]; then
 walletPassword=$3
 encryptHSMsecret $walletPassword
+
 elif [ "$1" = "decrypt" ]; then
 decryptHSMsecret
+
 elif [ "$1" = "autounlock-on" ]; then
 if grep -Eq "${netprefix}clEncryptedHSM=on" /mnt/hdd/raspiblitz.conf;then
 echo "# Moving the password from $passwordFile to /home/bitcoin/.${netprefix}cl.pw"
@@ -383,6 +388,7 @@ elif [ "$1" = "autounlock-on" ]; then
 echo "# Autounlock is on for C-lightning $CHAIN"
+
 elif [ "$1" = "autounlock-off" ]; then
 if [ -f /home/bitcoin/.${netprefix}cl.pw ];then
 sudo cp /home/bitcoin/.${netprefix}cl.pw /dev/shm/.${netprefix}cl.pw
@@ -394,6 +400,7 @@ elif [ "$1" = "autounlock-off" ]; then
 /home/admin/config.scripts/blitz.conf.sh set ${netprefix}clAutoUnlock "off"
 echo "# Autounlock is off for C-lightning $CHAIN"
+
 elif [ "$1" = "change-password" ]; then
 decryptHSMsecret || exit 1
 walletPassword=$3
@@ -405,6 +412,7 @@ elif [ "$1" = "change-password" ]; then
 fi
 exit 0
+
 elif [ "$1" = "check" ]; then
 # TODO https://github.com/rootzoll/raspiblitz/issues/2897
 # dumponchaindescriptors [network]
diff --git a/home.admin/config.scripts/cl.monitor.sh b/home.admin/config.scripts/cl.monitor.sh
index 0dc21f582..dd47f9b09 100755
--- a/home.admin/config.scripts/cl.monitor.sh
+++ b/home.admin/config.scripts/cl.monitor.sh
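Review bot: The new progress message in the `unlock` wait loop prints `$((attempt*5))` as a bare number, so the log shows a trailing `15` with no unit, and the figure counts only the `sleep 5` calls rather than the real elapsed time. Writing it as `echo "# waiting to unlock wallet ... ~$((attempt*5))s"` makes the meaning explicit. The loop head and its exit condition are outside the hunk.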
@@ -48,10 +48,42 @@ if [ "$2" = "status" ]; then
 cl_running=$(systemctl status ${netprefix}lightningd 2>/dev/null | grep -c "active (running)")
 cl_ready="0"
 cl_online="0"
+ cl_locked="0"
 cl_error_short=""
 cl_error_full=""
+
+ if [ "${cl_running}" = "0" ]; then
+ # check if error because wallet is locked
+ # the next release will have soecific error code for decryption error
+ # https://github.com/ElementsProject/lightning/pull/4908
+ source /mnt/hdd/raspiblitz.conf
+ # password file is on the disk if encrypted and auto-unlock is enabled
+ passwordFile="/dev/shm/.${netprefix}cl.pw"
+ if grep -Eq "${netprefix}clEncryptedHSM=on" /mnt/hdd/raspiblitz.conf;then
+ if grep -Eq "${netprefix}clAutoUnlock=on" /mnt/hdd/raspiblitz.conf;then
+ passwordFile=/home/bitcoin/.${netprefix}cl.pw
+ fi
+ fi
+ clError=$(sudo journalctl -n5 -u ${netprefix}lightningd)
+
+ # cases from 'cl.hsmtool.sh unlock'
+ if \
+ [ "$(eval echo \$${netprefix}clEncryptedHSM)" = "on" ] && [ ! -f $passwordFile ] || \
+ [ $(echo "${clError}" | \
+ grep -c 'encrypted-hsm: Could not read pass from stdin.') -gt 0 ] || \
+ [ $(echo "${clError}" | \
+ grep -c 'hsm_secret is encrypted, you need to pass the --encrypted-hsm startup option.') -gt 0 ] || \
+ [ $(echo "${clError}" | \
+ grep -c 'Wrong password for encrypted hsm_secret.') -gt 0 ]; then
+
+ # signal wallet locked
+ cl_locked="1"
+ # dont report it as error
+ cl_error_short=""
+ cl_error_full=""
+ fi
- if [ "${cl_running}" != "0" ]; then
+ elif [ "${cl_running}" != "0" ]; then
 cl_running="1"
 # test connection - record win & fail info
@@ -89,6 +121,7 @@ if [ "$2" = "status" ]; then
 echo "ln_cl_running='${cl_running}'"
 echo "ln_cl_ready='${cl_ready}'"
 echo "ln_cl_online='${cl_online}'"
+ echo "ln_cl_locked='${cl_locked}'"
 echo "ln_cl_error_short='${cl_error_short}'"
 echo "ln_cl_error_full='${cl_error_full}'"
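Review bot: The locked-wallet check added under `if [ "${cl_running}" = "0" ]` in cl.monitor.sh resolves the config key with `eval echo \$${netprefix}clEncryptedHSM` and matches raspiblitz.conf with an unanchored `grep -Eq "${netprefix}clEncryptedHSM=on"`. The eval re-parses whatever `netprefix` holds, and the unanchored pattern also matches a longer key ending in the same text or a commented-out line, so one network's setting can be read as another's if `netprefix` is ever empty (its assignment is outside the hunk). Bash indirect expansion and a `^` anchor avoid both, and `grep -Fq` with the three messages as fixed strings replaces the `grep -c … -gt 0` tests, whose `.` currently matches any character. `$passwordFile` and `${netprefix}lightningd` should be quoted, and because only the last five journal lines are inspected the result remains a heuristic that can go stale or miss the message. The `if`/`elif` chain continues past the end of the hunk.

```shell
    passwordFile="/dev/shm/.${netprefix}cl.pw"
    if grep -Eq "^${netprefix}clEncryptedHSM=on" /mnt/hdd/raspiblitz.conf; then
      if grep -Eq "^${netprefix}clAutoUnlock=on" /mnt/hdd/raspiblitz.conf; then
        passwordFile="/home/bitcoin/.${netprefix}cl.pw"
      fi
    fi
    clError=$(sudo journalctl -n5 -u "${netprefix}lightningd")

    # cases from 'cl.hsmtool.sh unlock'
    # indirect expansion reads the per-network key without eval
    encryptedHsmKey="${netprefix}clEncryptedHSM"
    if { [ "${!encryptedHsmKey}" = "on" ] && [ ! -f "${passwordFile}" ]; } || \
      printf '%s\n' "${clError}" | grep -Fq \
        -e 'encrypted-hsm: Could not read pass from stdin.' \
        -e 'hsm_secret is encrypted, you need to pass the --encrypted-hsm startup option.' \
        -e 'Wrong password for encrypted hsm_secret.'; then
      # … unchanged: set cl_locked="1" and clear cl_error_short / cl_error_full …
    fi
```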