diff --git a/03-install.sh b/03-install.sh
index 7cc7044..025256e 100644
--- a/03-install.sh
+++ b/03-install.sh
@@ -1,32 +1,36 @@
 #!/bin/sh
 # TODO:
 # - Check all variables to avoid root execution on unspecified places
-# - Change apt to apt-get to avoid warning
+echo_debug() {                                 # DEBUG
+    printf '\033[1mDEBUG: %s...\033[0m\n' "$1" # DEBUG
+}                                              # DEBUG
+
+alias tsudo 'printf "%s" "$SUDO_PASSWORD" | sudo -Skp ""'
 
 debian_install_certs() {
 # Source: https://fran.cr/instalar-firma-digital-costa-rica-gnu-linux-ubuntu-debian/
-# Extraer fichero descargado
-printf '\033[1mExtraer fichero...\033[0m\n' # DEBUG
+
+echo_debug "Instalando dependencias" # DEBUG
+tsudo apt-get install -y unzip binutils p11-kit pcscd bubblewrap icedtea-netx > /dev/null
+
+echo_debug "Extraer fichero" # DEBUG
 (cd "$SAVE_DIR" && unzip -u "$SAVE_FILE" > /dev/null)
+
+echo_debug "Copiar certificados" # DEBUG
 for cert in "$(find "$SAVE_DIR" -name "Certificados")"/* ; do
     certname="${cert##*/}"
-    printf '%s' "$SUDO_PASSWORD" | sudo -Skp '' cp "$cert" /usr/local/share/ca-certificates/"${certname%.cer}.crt"
+    tsudo cp "$cert" /usr/local/share/ca-certificates/"${certname%.cer}.crt"
 done
 
-# Extraer módulo privativo
-printf '\033[1mExtraer módulo privativo...\033[0m\n' # DEBUG
+echo_debug "Extraer módulo privativo" #DEBUG
 PACKAGE="$(find "$SAVE_DIR" -name "idprotectclient[-_]*.deb")"
 PACKAGE_DIR="${PACKAGE%/*}"
 PACKAGE="${PACKAGE##*/}"
 (cd "$PACKAGE_DIR" && ar p "$PACKAGE" data.tar.gz | tar zx ./usr/lib/x64-athena/libASEP11.so)
-printf '%s' "$SUDO_PASSWORD" | sudo -Skp '' cp -p "$PACKAGE_DIR"/usr/lib/x64-athena/libASEP11.so /usr/lib/x86_64-linux-gnu/
+tsudo cp -p "$PACKAGE_DIR"/usr/lib/x64-athena/libASEP11.so /usr/lib/x86_64-linux-gnu/
 
-# Instalar componentes
-printf '\033[1mPaquetería, certificados y módulos...\033[0m\n' # DEBUG
-printf '%s' "$SUDO_PASSWORD" | sudo -Skp '' sh -c '
-# --- Prerequisitos ---
-apt install -y p11-kit pcscd binutils bubblewrap icedtea-netx > /dev/null
-systemctl enable --now pcscd.socket > /dev/null
+echo_debug "Symlinks y componentes..." # DEBUG
+tsudo sh -c '
 # --- Certificados ---
 for file in /usr/local/share/ca-certificates/*.crt ; do openssl x509 -inform DER -in "$file" -out "$file.tmp" 2> /dev/null ; done
 find /usr/local/share/ca-certificates/ -type f -empty -delete
@@ -40,12 +44,11 @@ ln -sf /usr/lib/x86_64-linux-gnu/libASEP11.so /usr/lib/
 ln -sf /usr/lib/x86_64-linux-gnu/libASEP11.so /usr/local/lib/
 ln -sf /usr/lib/x86_64-linux-gnu/libASEP11.so /Firma_Digital/LIBRERIAS/
 ln -sf /usr/local/share/ca-certificates /Firma_Digital/CERTIFICADOS
+systemctl enable --now pcscd.socket > /dev/null
 '
 
-# Archivos de configuración
-
-printf '\033[1mConfigurando IDPClientDB...\033[0m\n' # DEBUG
-printf '%s' "$SUDO_PASSWORD" | sudo -Skp '' sh -c "
+echo_debug "Configurando IDPClientDB" #DEBUG
+tsudo sh -c "
 mkdir -p /etc/Athena
 echo \"<?xml version=\"1.0\" encoding=\"utf-8\" ?>
 <IDProtect>
@@ -70,14 +73,14 @@ echo \"<?xml version=\"1.0\" encoding=\"utf-8\" ?>
 </IDProtect>\" > /etc/Athena/IDPClientDB.xml
 "
 
-printf '\033[1mConfigurando p11-kit/modules...\033[0m\n' # DEBUG
-printf '%s' "$SUDO_PASSWORD" | sudo -Skp '' sh -c "
+echo_debug "Configurando p11-kit/modules" #DEBUG
+tsudo sh -c "
 mkdir -p /usr/share/p11-kit/modules
 echo 'remote: |bwrap --unshare-all --dir /tmp --ro-bind /etc/Athena /etc/Athena --proc /proc --dev /dev --ro-bind /usr /usr --ro-bind /lib /lib --ro-bind /lib64 /lib64 --ro-bind /var/run/pcscd /var/run/pcscd --ro-bind /run/pcscd /run/pcscd p11-kit remote /usr/lib/x86_64-linux-gnu/libASEP11.so' > /usr/share/p11-kit/modules/firma-digital.module
 "
 
-printf '\033[1mConfigurando p11-kit update symlinks...\033[0m\n' # DEBUG
-printf '%s' "$SUDO_PASSWORD" | sudo -Skp '' sh -c "
+echo_debug "Configurando p11-kit update symlinks" # DEBUG
+tsudo sh -c "
 mkdir -p /usr/local/sbin
 echo \"#!/bin/sh
 
@@ -128,8 +131,8 @@ fi\" > /usr/local/sbin/update-p11-kit-symlinks
 chmod +x /usr/local/sbin/update-p11-kit-symlinks
 "
 
-printf '\033[1mConfigurando módulo mantenimiento systemd...\033[0m\n' # DEBUG
-printf '%s' "$SUDO_PASSWORD" | sudo -Skp '' sh -c "
+echo_debug "Configurando módulo mantenimiento systemd" # DEBUG
+tsudo sh -c "
 mkdir -p /etc/systemd/system
 echo \"[Unit]
 Description=mantenimiento de enlaces a p11-kit-proxy
@@ -144,8 +147,8 @@ WantedBy=multi-user.target
 systemctl enable --now p11-kit-proxy-updater.service > /dev/null
 "
 
-printf '\033[1mInstalando trust module pk11...\033[0m\n' # DEBUG
-printf '%s' "$SUDO_PASSWORD" | sudo -Skp '' sh -c "
+echo_debug "Instalando trust module pk11" # DEBUG
+tsudo sh -c "
 mkdir -p /etc/pkcs11/modules
 echo 'disable-in:' > /etc/pkcs11/modules/p11-kit-trust.module
 "
@@ -153,20 +156,26 @@ echo 'disable-in:' > /etc/pkcs11/modules/p11-kit-trust.module
 
 fedora_install_certs() {
 # Source: https://fran.cr/instalar-firma-digital-costa-rica-gnu-linux-fedora/
-# Extraer fichero descargado
-printf '\033[1mExtraer fichero...\033[0m\n' # DEBUG
-(cd "$SAVE_DIR" && unzip -u "$SAVE_FILE" > /dev/null)
-printf '%s' "$SUDO_PASSWORD" | sudo -Skp '' cp -p "$(find "$SAVE_DIR" -name "Certificados")"/* /usr/share/pki/ca-trust-source/anchors/
-printf '%s' "$SUDO_PASSWORD" | sudo -Skp '' update-ca-trust
 
-# Extraer módulo privativo
-printf '\033[1mExtraer módulo privativo...\033[0m\n' # DEBUG
+echo_debug "Instalando dependencias" # DEBUG
+tsudo dnf -y install unzip pcsc-lite icedtea-web > /dev/null
+
+echo_debug "Extraer fichero" # DEBUG
+(cd "$SAVE_DIR" && unzip -u "$SAVE_FILE" > /dev/null)
+
+echo_debug "Copiar certificados" # DEBUG
+tsudo cp -p "$(find "$SAVE_DIR" -name "Certificados")"/* /usr/share/pki/ca-trust-source/anchors/
+tsudo update-ca-trust
+
+echo_debug "Extraer módulo privativo" # DEBUG
 PACKAGE="$(find "$SAVE_DIR" -name "idprotectclient[-_]*.rpm")"
 PACKAGE_DIR="${PACKAGE%/*}"
 PACKAGE="${PACKAGE##*/}"
 (cd "$PACKAGE_DIR" && rpm2cpio "$PACKAGE" | cpio -dim ./usr/lib/x64-athena/libASEP11.so)
-printf '%s' "$SUDO_PASSWORD" | sudo -Skp '' cp -p "$PACKAGE_DIR"/usr/lib/x64-athena/libASEP11.so /usr/lib64/
-printf '%s' "$SUDO_PASSWORD" | sudo -Skp '' sh -c '
+tsudo cp -p "$PACKAGE_DIR"/usr/lib/x64-athena/libASEP11.so /usr/lib64/
+
+echo_debug "Symlinks y componentes..." # DEBUG
+tsudo sh -c '
 mkdir -p /usr/lib/x64-athena/
 mkdir -p /Firma_Digital/LIBRERIAS/
 ln -sf /usr/lib64/libASEP11.so /usr/lib/x64-athena/
@@ -176,10 +185,8 @@ ln -sf /usr/lib64/libASEP11.so /Firma_Digital/LIBRERIAS/
 ln -sf /usr/share/pki/ca-trust-source/anchors /Firma_Digital/CERTIFICADOS
 '
 
-# Archivos de configuración
-
-printf '\033[1mConfigurando IDPClientDB...\033[0m\n' # DEBUG
-printf '%s' "$SUDO_PASSWORD" | sudo -Skp '' sh -c "
+echo_debug "Configurando IDPClientDB" # DEBUG
+tsudo sh -c "
 mkdir -p /etc/Athena
 echo \"<?xml version=\"1.0\" encoding=\"utf-8\" ?>
 <IDProtect>
@@ -204,13 +211,40 @@ echo \"<?xml version=\"1.0\" encoding=\"utf-8\" ?>
 </IDProtect>\" > /etc/Athena/IDPClientDB.xml
 "
 
-printf '\033[1mConfigurando p11-kit/modules...\033[0m\n' # DEBUG
-printf '%s' "$SUDO_PASSWORD" | sudo -Skp '' sh -c "
+echo_debug "Configurando p11-kit/modules" # DEBUG
+tsudo sh -c "
 mkdir -p /usr/share/p11-kit/modules
 echo 'remote: |bwrap --unshare-all --dir /tmp --proc /proc --dev /dev --ro-bind /etc/Athena /etc/Athena --ro-bind /usr /usr --ro-bind /var/run/pcscd /var/run/pcscd --ro-bind /run/pcscd /run/pcscd --symlink /usr/lib64 /lib64 p11-kit remote /usr/lib64/libASEP11.so' > /usr/share/p11-kit/modules/firma-digital.module
 "
 }
 
+arch_install_certs() {
+echo_debug "Instalando dependencias" # DEBUG
+tsudo pacman -S --noconfirm --needed unzip cpio rpm-tools pcsclite ccid jre8-openjdk icedtea-web
+
+echo_debug "Extraer fichero" # DEBUG
+(cd "$SAVE_DIR" && unzip -u "$SAVE_FILE" > /dev/null)
+
+echo_debug "Copiar certificados" # DEBUG
+tsudo cp -p "$(find "$SAVE_DIR" -name "Certificados")"/* /usr/share/ca-certificates/trust-source/anchors/
+tsudo update-ca-trust
+
+echo_debug "Extraer módulo privativo" # DEBUG
+(cd "$PACKAGE_DIR" && rpm2cpio "$PACKAGE" | cpio -dim ./usr/lib/x64-athena/libASEP11.so)
+tsudo cp -p "$PACKAGE_DIR"/usr/lib/x64-athena/libASEP11.so /usr/lib/
+
+echo_debug "Symlinks y componentes..." # DEBUG
+tsudo sh -c '
+mkdir -p /usr/lib/x64-athena/
+mkdir -p /Firma_Digital/LIBRERIAS/
+ln -sf /usr/lib/libASEP11.so /usr/lib/x64-athena/
+ln -sf /usr/lib/libASEP11.so /usr/local/lib/
+ln -sf /usr/lib/libASEP11.so /Firma_Digital/LIBRERIAS/
+ln -sf /usr/share/ca-certificates/trust-source/anchors /Firma_Digital/CERTIFICADOS
+ln -sf /usr/lib/p11-kit-proxy.so /usr/lib/firefox/libosclientcerts.so
+'
+}
+
 install_certs() {
 [ -z "$SUDO_PASSWORD" ] && return 1
 [ -z "$SAVE_FILE" ] && return 1
@@ -218,11 +252,18 @@ SAVE_DIR="${SAVE_FILE%/*}"
 
 if   [ "$ID" = "macos" ] ; then
     open "$SAVE_FILE" || return 1
+
 elif [ "$ID" = "debian" ] ; then
     debian_install_certs || return 1
+
 elif [ "$ID" = "fedora" ] ; then
     fedora_install_certs || return 1
+
+elif [ "$ID" = "arch" ] ; then
+    arch_install_certs || return 1
+
 elif [ "$ID" = "centos" ] ; then
-    echo
+    echo || return 1
+
 fi
 }
diff --git a/04-main.sh b/04-main.sh
index 052d1db..be5549b 100644
--- a/04-main.sh
+++ b/04-main.sh
@@ -9,17 +9,16 @@ set_lang
 set_version
 
 if command -v zenity > /dev/null ; then
-    echo "DEBUG: Start zenity" # DEBUG
+    echo_debug "Iniciando zenity" # DEBUG
     MENU="zenity"
     zenity --title "$TITLE" --text "$PROMPT_WELCOME" --info
     ! command -v curl > /dev/null && zenity --title "$TITLE" --text "$PROMPT_ERR_DEPS curl" --error && exit 1
 
-    echo "DEBUG: Serial number is required for download" # DEBUG
+    echo_debug "Pregunta serial" # DEBUG
     SERIAL="$(zenity --title "$TITLE" --text "$PROMPT_SERIAL" --entry)"
     [ -z "$SERIAL" ] && zenity --title "$TITLE" --text "$PROMPT_ERR_SERIAL" --error && exit 1
-
     
-    echo "DEBUG: Generate tempkey & Define DOWNLOAD_URL" # DEBUG
+    echo_debug "Generar tempkey y obtener URL de descarga" # DEBUG
     ARCHIVE="$(get_archive)"
     TEMPKEY="${ARCHIVE##* }"
     FILE="${ARCHIVE%% *}"
@@ -31,7 +30,7 @@ if command -v zenity > /dev/null ; then
     mkdir -p "$SAVE_DIR"
     SIZE="$(curl -sI "$DOWNLOAD_URL" | sed '/[Cc]ontent-[Ll]ength/!d;s/^.*: //g' | awk '{$1/=1024;printf "%d",$1}')"
 
-    echo "DEBUG: Download file & show progress" # DEBUG
+    echo_debug "Descargar y mostrar progreso" # DEBUG
     (curl -sL "$DOWNLOAD_URL" -o "$SAVE_FILE") &
     while true ; do
         sleep 0.5
@@ -47,7 +46,7 @@ if command -v zenity > /dev/null ; then
     ACTIVE="$(ps aux | grep 'curl.*soportefirmadigital' | sed '/grep/d')"
     [ -n "$ACTIVE" ] && zenity --title "$TITLE" --text "$PROMPT_ERR_DOWNLOAD" --error && exit 1
 
-    echo "DEBUG: Ask & check sudo password" # DEBUG
+    echo_debug "Consultar sudo pass" # DEBUG
     SUDO_PASSWORD="$(zenity --title "$TITLE" --password)"
     [ -z "$SUDO_PASSWORD" ] && zenity --title "$TITLE" --text "$PROMPT_ERR_DEPS_INSTALL" --error && exit 1
     CORRECT_SUDO_PASSWORD="$(printf '%s' "$SUDO_PASSWORD" | sudo -Skp '' whoami >/dev/null 2>&1 || printf 'no')"
@@ -55,12 +54,16 @@ if command -v zenity > /dev/null ; then
 
     # Attempt to install, forward output to zenity
     # but keep exit code of install function
-    echo "DEBUG: Install dependencies, components and certificates according to OS" # DEBUG
+    echo_debug "Funcion install_certs, corre de acuerdo al OS" # DEBUG
     ( ( ( (install_certs; echo $? >&3) |
         zenity --title "$TITLE" --text "$PROMPT_DEPS_INSTALL" --progress --pulsate --auto-close >&4) 3>&1 ) |
         (read -r xs; exit "$xs") ) 4>&1
+    #install_certs # Just run this instead to see debug info
+
+    # install_certs fails (exit code != 0)
     [ "$?" != "0" ] && zenity --title "$TITLE" --text "$PROMPT_ERR_DEPS_INSTALL" --error && exit 1
 
+    echo_debug "Termina correctamente" # DEBUG
     zenity --title "$TITLE" --text "$PROMPT_END_SUCCESS" --info
 
 else
@@ -72,7 +75,7 @@ else
     term_prompt "$TITLE" "$PROMPT_SERIAL" entry && read -r SERIAL
     [ -z "$SERIAL" ] && term_prompt "$TITLE" "$PROMPT_ERR_SERIAL" error && exit 1
 
-    echo "DEBUG: Generate tempkey & Define DOWNLOAD_URL" # DEBUG
+    echo_debug "Generar tempkey y obtener URL de descarga" # DEBUG
     ARCHIVE="$(get_archive)"
     TEMPKEY="${ARCHIVE##* }"
     FILE="${ARCHIVE%% *}"
@@ -84,14 +87,20 @@ else
     mkdir -p "$SAVE_DIR"
     SIZE="$(curl -sI "$DOWNLOAD_URL" | sed '/[Cc]ontent-[Ll]ength/!d;s/^.*: //g' | awk '{$1/=1024;printf "%d",$1}')"
 
-    # Download file & show progress
     term_prompt "$TITLE" "$PROMPT_DOWNLOAD" info && echo
     curl "$DOWNLOAD_URL" -o "$SAVE_FILE" --progress-bar
 
+    echo_debug "Consultar sudo pass" # DEBUG
+    term_prompt "$TITLE" "$PROMPT_SUDO_PASSWORD" entry && IFS= read -r SUDO_PASSWORD
+    [ -z "$SUDO_PASSWORD" ] && term_prompt "$TITLE" "$PROMPT_ERR_DEPS_INSTALL" error && exit 1
+    CORRECT_SUDO_PASSWORD="$(printf '%s' "$SUDO_PASSWORD" | sudo -Skp '' whoami >/dev/null 2>&1 || printf 'no')"
+    [ "$CORRECT_SUDO_PASSWORD" = "no" ] && term_prompt "$TITLE" "$PROMPT_ERR_DEPS_INSTALL" error && exit 1
+
     # Install dependencies, components and
     # certificates according to OS
     term_prompt "$TITLE" "$PROMPT_DEPS_INSTALL" info && echo
-    install_certs "$SAVE_FILE" || term_prompt "$TITLE" "$PROMPT_ERR_DEPS_INSTALL" error && echo
+    install_certs "$SAVE_FILE"
+    [ "$?" != "0" ] && term_prompt "$TITLE" "$PROMPT_ERR_DEPS_INSTALL" error && exit 1
 
     term_prompt "$TITLE" "$PROMPT_END_SUCCESS" info && echo