Index: src/certificates.c
===================================================================
--- src/certificates.c (revision 2241)
+++ src/certificates.c (working copy)
@@ -805,8 +805,12 @@
 if(stat(keyfilename,&buf) || buf.st_size==0)
 {
- if(CreatePrivateKey(keyfilename))
- {PrintMessage(Warning,"Could not create the WWWOFFLE private key file '%s'.",keyfilename);goto finished;}
+ err=CreatePrivateKey(keyfilename);
+
+ if(err<0)
+ {PrintMessage(Warning,"Could not create the WWWOFFLE private key file '%s'; already exists, using it.",keyfilename); goto readagain;}
+ else if(err>0)
+ {PrintMessage(Warning,"Could not create the WWWOFFLE private key file '%s'.",keyfilename); goto finished;}
 }
 if(stat(keyfilename,&buf) || buf.st_size==0)
@@ -838,8 +842,10 @@
 else
 err=CreateCertificate(crtfilename,hostname,NULL,privkey);
- if(err)
- {PrintMessage(Warning,"Could not create the WWWOFFLE certificate file '%s'.",crtfilename);goto finished;}
+ if(err<0)
+ {PrintMessage(Warning,"Could not create the WWWOFFLE certificate file '%s'; already exists, using it.",crtfilename); goto readagain;}
+ else if(err>0)
+ {PrintMessage(Warning,"Could not create the WWWOFFLE certificate file '%s'.",crtfilename); goto finished;}
 }
 if(stat(crtfilename,&buf) || buf.st_size==0)
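Review bot: The `err<0` branches in this hunk and in the @@ -838 hunk treat every negative return as "file already exists", but the creators shown in the @@ -946 and @@ -1102 hunks `return(-1)` for any `open()` failure. A permissions error or a missing directory is therefore logged as "already exists, using it" and sent to `readagain`. Return -1 only when the saved errno is EEXIST, for example `int e=errno;` before the PrintMessage call and `return(e==EEXIST?-1:1);` after it. The creator functions and the `readagain` label start outside these hunks, so confirm that no other path returns a negative value.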
@@ -896,8 +902,17 @@
 err=gnutls_certificate_set_x509_key(cred,&crt,1,privkey);
 if(err!=GNUTLS_E_SUCCESS)
- {PrintMessage(Warning,"Could not set private key for %s credentials for '%s' [%s].",server?"server":"fake",hostname,gnutls_strerror(err));gnutls_certificate_free_credentials(cred);goto finished;}
+ {
+ gnutls_certificate_free_credentials(cred);
+ PrintMessage(Warning,"Could not set private key for %s credentials for '%s' [%s].",server?"server":"fake",hostname,gnutls_strerror(err));
+
+ if(unlink(crtfilename))
+ {PrintMessage(Warning,"Cannot delete the invalid WWWOFFLE %s certificate file for '%s'.",server?"server":"fake",hostname); goto finished;}
+
+ goto readagain;
+ }
+
 if(dh_params)
 gnutls_certificate_set_dh_params(cred,dh_params);
@@ -946,7 +961,7 @@
 /* Create the file for the certificate. */
- fd=open(filename,O_WRONLY|O_CREAT|O_TRUNC|O_EXCL|O_BINARY,S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH);
+ fd=open(filename,O_WRONLY|O_CREAT|O_EXCL|O_BINARY,S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH);
 if(fd<0)
 {PrintMessage(Warning,"Could not open certificate file '%s' for writing [%!s].",filename);return(-1);}
 close(fd);
@@ -1102,7 +1117,7 @@
 /* Create the file for the certificate. */
- fd=open(filename,O_WRONLY|O_CREAT|O_TRUNC|O_EXCL|O_BINARY,S_IRUSR|S_IWUSR);
+ fd=open(filename,O_WRONLY|O_CREAT|O_EXCL|O_BINARY,S_IRUSR|S_IWUSR);
 if(fd<0)
 {PrintMessage(Warning,"Could not open private key file '%s' for writing [%!s].",filename);return(-1);}
 close(fd);
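Review bot: The new failure branch after `gnutls_certificate_set_x509_key()` in the @@ -896 hunk deletes the certificate and jumps to `readagain` with no limit on retries. If the cause is the private key rather than the certificate, each pass will presumably regenerate a certificate that fails the same way, and the loop never ends; the same applies to the `readagain` jumps added in the two earlier hunks when the file stays empty. A one-shot guard such as `if(retried++) goto finished;` before the `unlink()` would bound it, with `retried` a new local initialised to 0. `crt` and `privkey` are loaded outside this hunk, so check that they are released or safely overwritten before the second pass. The unlink warning could also carry the path and `[%!s]` like the other file messages.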
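Review bot: With `O_EXCL` kept, the `open()` followed directly by `close(fd)` in the @@ -946 hunk publishes an empty file under the final name, and the @@ -1102 hunk does the same for the private key. The content is presumably written later by reopening the path (outside the hunk), so a second process that now takes the "already exists, using it" path can read an empty or partial key or certificate. Writing through the descriptor obtained here would close that window, as would creating the file under a temporary name in the same directory and `link()`ing it to the final name once complete. At minimum add a comment such as `/* O_EXCL: never overwrite a key/certificate another process created */`.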