diff --git a/CHANGES b/CHANGES
index 1a83a12ec6..e6dc8451d7 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,7 @@
+5102.	[bug]		dnssec-coverage failed to use the default TTL when
+			checking KSK deletion times leading to a exception.
+			[GL #585]
+
 5101.	[bug]		Fix default installation path for Python modules and
 			remove the dnspython dependency accidentally introduced
 			by change 4970. [GL #730]
diff --git a/bin/python/isc/dnskey.py.in b/bin/python/isc/dnskey.py.in
index eaedb80d99..83017c457f 100644
--- a/bin/python/isc/dnskey.py.in
+++ b/bin/python/isc/dnskey.py.in
@@ -452,6 +452,10 @@ class dnskey:
         if timespan is None:
             timespan = self.ttl
 
+        if timespan is None:
+            output("WARNING: Key %s using default TTL." % repr(self))
+            timespan = (60*60*24)
+
         now = time.time()
         d = self.delete()
         i = self.inactive()
diff --git a/bin/tests/system/coverage/12-ksk-deletion/expect b/bin/tests/system/coverage/12-ksk-deletion/expect
new file mode 100644
index 0000000000..898c0bf0ba
--- /dev/null
+++ b/bin/tests/system/coverage/12-ksk-deletion/expect
@@ -0,0 +1,6 @@
+args=
+warn=4
+error=1
+ok=1
+retcode=1
+match=0
diff --git a/bin/tests/system/coverage/setup.sh b/bin/tests/system/coverage/setup.sh
index bb6fa4bb1f..5dbc03a11e 100644
--- a/bin/tests/system/coverage/setup.sh
+++ b/bin/tests/system/coverage/setup.sh
@@ -127,3 +127,8 @@ $SETTIME -K $dir -I +18mo -D +2y $zsk1 > /dev/null 2>&1
 zsk2=`$KEYGEN -K $dir -S $zsk1`
 $SETTIME -K $dir -I +16mo $zsk1 > /dev/null 2>&1
 ksk1=`$KEYGEN -K $dir -a rsasha1 -3fk example.com`
+
+# Test 12: Too early KSK deletion
+dir=12-ksk-deletion
+ksk1=`$KEYGEN -K $dir -f KSK -a 8 -b 2048 -I +40d -D +40d example.com`
+ksk2=`$KEYGEN -K $dir -S $ksk1.key example.com`
diff --git a/bin/tests/system/coverage/tests.sh b/bin/tests/system/coverage/tests.sh
index c5ba2117f4..f435eb8f0e 100644
--- a/bin/tests/system/coverage/tests.sh
+++ b/bin/tests/system/coverage/tests.sh
@@ -70,6 +70,12 @@ for dir in [0-9][0-9]-*; do
             ret=1
         fi
 
+        found=`grep Traceback coverage.$n | wc -l`
+        if [ $found -ne 0 ]; then
+            echo "python exception detected"
+            ret=1
+        fi
+
         n=`expr $n + 1`
         if [ $ret != 0 ]; then echo_i "failed"; fi
         status=`expr $status + $ret`
diff --git a/util/copyrights b/util/copyrights
index 3d6841dfd0..0622c2c9de 100644
--- a/util/copyrights
+++ b/util/copyrights
@@ -473,6 +473,7 @@
 ./bin/tests/system/coverage/10-check-ksk/expect	X	2014,2018
 ./bin/tests/system/coverage/11-cutoff/README	X	2014,2018
 ./bin/tests/system/coverage/11-cutoff/expect	X	2014,2018
+./bin/tests/system/coverage/12-ksk-deletion/expect	X	2018
 ./bin/tests/system/coverage/clean.sh		SH	2013,2014,2016,2018
 ./bin/tests/system/coverage/setup.sh		SH	2013,2014,2016,2017,2018
 ./bin/tests/system/coverage/tests.sh		SH	2013,2014,2016,2018