diff --git a/entrypoint.sh b/entrypoint.sh
index 497e3ed3b2f18b8c34507895b36442c902eebe58..8126dde6ab7a06653937f4bcc30924c480f3e5cb 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -49,9 +49,13 @@ time_stamping_key
 EOF
     /usr/bin/certtool --generate-privkey --bits 4096 --sec-param normal --outfile $INSPIRCD_ROOT/conf/key.pem
     /usr/bin/certtool --generate-self-signed --load-privkey $INSPIRCD_ROOT/conf/key.pem --outfile $INSPIRCD_ROOT/conf/cert.pem --template /tmp/cert.template
-    /usr/bin/certtool --generate-dh-params --sec-param normal --outfile $INSPIRCD_ROOT/conf/dhparams.pem
     rm /tmp/cert.template
 fi
 
+# Make sure dhparams are present
+if [ ! -e $INSPIRCD_ROOT/conf/dhparams.pem ]; then
+    /usr/bin/certtool --generate-dh-params --sec-param normal --outfile $INSPIRCD_ROOT/conf/dhparams.pem
+fi
+
 cd $INSPIRCD_ROOT
 exec env INSPIRCD_ROOT=$INSPIRCD_ROOT $INSPIRCD_ROOT/bin/inspircd --nofork $@
diff --git a/tests/secrets.sh b/tests/secrets.sh
index 22081108e3be3a7de3ce24e3427ef0322425ea47..d3f9dc5c7429591465f9ee1cefa7124622458cc7 100755
--- a/tests/secrets.sh
+++ b/tests/secrets.sh
@@ -52,7 +52,7 @@ SECRETKEY=$(docker secret create test-secrets-key  /tmp/test-secrets-key.pem)
 DOCKERSERVICE=$(docker service create -q -d -p "${CLIENT_PORT}:6667" -p "${TLS_CLIENT_PORT}:6697" --secret source=test-secrets-key,target=inspircd.key --secret source=test-secrets-cert,target=inspircd.crt inspircd:testing)
 sleep 35
 # Make sure TLS is working
-TLSCHECK=$(echo quit | timeout 10 openssl s_client -ign_eof -connect "localhost:${TLS_CLIENT_PORT}" 2>/dev/null | grep -c "OU=Secret Server Admins")
+TLSCHECK=$(echo quit | timeout 10 openssl s_client -ign_eof -connect "localhost:${TLS_CLIENT_PORT}" 2>/dev/null | grep -c "OU\s*=\s*Secret Server Admins")
 [ "$TLSCHECK" -gt 0 ] || exit 1
 
 sleep 5