diff --git a/oshipka.sh b/oshipka.sh
index 59e2908..61edf0d 100755
--- a/oshipka.sh
+++ b/oshipka.sh
@@ -193,6 +193,13 @@ prod_install() {
    sudo ufw allow proto tcp from 192.168.1.1 to any port 443
    echo "Removing '$PROJECT_NAME' insecure nginx config..."
    sudo rm "/etc/nginx/sites-available/${DOMAIN}.insecure" "/etc/nginx/sites-enabled/${DOMAIN}.insecure"
+
+   # PROBLEM: BIO_new_file("/etc/nginx/dhparam.pem") failed
+   # SOLUTION: sudo openssl dhparam -out /etc/nginx/dhparam.pem 2048
+   if [ ! -f "/etc/nginx/dhparam.pem" ]; then
+     sudo openssl dhparam -out /etc/nginx/dhparam.pem 2048
+   fi
+
    if [ -f "/etc/nginx/sites-available/${NGINX_CONFIG_FILE}" ]; then
      echo "Nginx config for ${PROJECT_NAME} available."
      if [ -f "/etc/nginx/sites-enabled/${NGINX_CONFIG_FILE}" ]; then
@@ -210,9 +217,6 @@ prod_install() {
   # PROBLEM : Certificates missing
   # SOLUTION: rm /etc/ssl/certs/ca-certificates.crt
   #           sudo update-ca-certificates in virtual environment.
-
-   # PROBLEM: BIO_new_file("/etc/nginx/dhparam.pem") failed
-   # SOLUTION: sudo openssl dhparam -out /etc/nginx/dhparam.pem 2048
 }
 
 model() {