diff --git a/ansible/roles/create_image_debian-minimal/defaults/main.yml b/ansible/roles/create_image_debian-minimal/defaults/main.yml
index 866c1e1..4118eac 100644
--- a/ansible/roles/create_image_debian-minimal/defaults/main.yml
+++ b/ansible/roles/create_image_debian-minimal/defaults/main.yml
@@ -5,9 +5,8 @@ ssh_key_url: "https://skulldev.de/Skull-IT/trusted-ssh-keys/raw/branch/main/trus
 
 image_output_dir: "/tmp/packer_images"
 
-debian_iso_url: "https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-12.11.0-amd64-netinst.iso"
-debian_iso_checksum_url: "https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/SHA256SUMS"
-# https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/SHA256SUMS
+debian_iso_url: "https://cdimage.debian.org/mirror/cdimage/archive/12.11.0/amd64/iso-cd/debian-12.11.0-amd64-netinst.iso"
+debian_iso_checksum_url: "https://cdimage.debian.org/mirror/cdimage/archive/12.11.0/amd64/iso-cd/SHA256SUMS"
 debian_iso_filename: "debian-12.11.0-amd64-netinst.iso"
 
 ssh_username: "localadmin"
diff --git a/ansible/roles/create_image_debian-minimal/tasks/main.yml b/ansible/roles/create_image_debian-minimal/tasks/main.yml
index ddf8c42..df3fe44 100644
--- a/ansible/roles/create_image_debian-minimal/tasks/main.yml
+++ b/ansible/roles/create_image_debian-minimal/tasks/main.yml
@@ -56,21 +56,51 @@
     dest: "{{ image_output_dir }}/http/preseed.cfg"
     mode: '0644'
 
+- name: Remove old Debian ISO checksums file if exists
+  ansible.builtin.file:
+    path: /tmp/debian_sha256sums.txt
+    state: absent
+
 - name: Download Debian ISO checksums
   ansible.builtin.get_url:
     url: "{{ debian_iso_checksum_url }}"
     dest: /tmp/debian_sha256sums.txt
     mode: '0644'
 
+- name: Download Debian ISO checksums
+  ansible.builtin.get_url:
+    url: "{{ debian_iso_checksum_url }}"
+    dest: /tmp/debian_sha256sums.txt
+    mode: '0644'
+
+- name: Debug - show checksum file content (with special chars visible)
+  ansible.builtin.shell: cat -A /tmp/debian_sha256sums.txt
+  register: checksum_file_content
+  changed_when: false
+
+- debug:
+    var: checksum_file_content.stdout_lines
+
+- name: Debug - show variable value
+  debug:
+    var: debian_iso_filename
+
 - name: Extract checksum for ISO
   ansible.builtin.shell: |
-    grep "{{ debian_iso_filename }}" /tmp/debian_sha256sums.txt | awk '{ print $1 }'
+    awk '{gsub(/\r/, ""); if ($2 == "{{ debian_iso_filename }}") {print $1; exit}}' /tmp/debian_sha256sums.txt
+  args:
+    executable: /bin/bash
   register: debian_iso_checksum_result
   changed_when: false
 
+- name: Fail if checksum not found
+  ansible.builtin.fail:
+    msg: "Could not find SHA256 for {{ debian_iso_filename }} in {{ debian_iso_checksum_url }}"
+  when: (debian_iso_checksum_result.stdout | trim) == ""
+
 - name: Set fact with full checksum string
   ansible.builtin.set_fact:
-    debian_iso_checksum: "sha256:{{ debian_iso_checksum_result.stdout }}"
+    debian_iso_checksum: "sha256:{{ debian_iso_checksum_result.stdout | trim }}"
 
 - name: Template Packer HCL config
   ansible.builtin.template: