diff --git a/changes/warn-if-get_digest-fails b/changes/warn-if-get_digest-fails
new file mode 100644
index 0000000000..6cfc1082a7
--- /dev/null
+++ b/changes/warn-if-get_digest-fails
@@ -0,0 +1,6 @@
+  o Minor bugfixes:
+    - If we fail to compute the identity digest of a v3 legacy
+      keypair, warn, and don't use a buffer-full of junk instead.
+      Bugfix on 0.2.1.1-alpha; fixes bug 3106.
+
+
diff --git a/src/or/dirserv.c b/src/or/dirserv.c
index bbd25da054..276f61c430 100644
--- a/src/or/dirserv.c
+++ b/src/or/dirserv.c
@@ -2732,7 +2732,10 @@ dirserv_generate_networkstatus_vote_obj(crypto_pk_env_t *private_key,
   if (options->V3AuthUseLegacyKey) {
     authority_cert_t *c = get_my_v3_legacy_cert();
     if (c) {
-      crypto_pk_get_digest(c->identity_key, voter->legacy_id_digest);
+      if (crypto_pk_get_digest(c->identity_key, voter->legacy_id_digest)) {
+        log_warn(LD_BUG, "Unable to compute digest of legacy v3 identity key");
+        memset(voter->legacy_id_digest, 0, DIGEST_LEN);
+      }
     }
   }
 
diff --git a/src/or/dirvote.c b/src/or/dirvote.c
index 7ba6cca1b2..b90684c39a 100644
--- a/src/or/dirvote.c
+++ b/src/or/dirvote.c
@@ -3122,8 +3122,12 @@ dirvote_compute_consensuses(void)
       authority_cert_t *cert = get_my_v3_legacy_cert();
       legacy_sign = get_my_v3_legacy_signing_key();
       if (cert) {
-        crypto_pk_get_digest(cert->identity_key, legacy_dbuf);
-        legacy_id_digest = legacy_dbuf;
+        if (crypto_pk_get_digest(cert->identity_key, legacy_dbuf)) {
+          log_warn(LD_BUG,
+                   "Unable to compute digest of legacy v3 identity key");
+        } else {
+          legacy_id_digest = legacy_dbuf;
+        }
       }
     }