diff --git a/changes/bug5572 b/changes/bug5572
new file mode 100644
index 0000000000..e26308837f
--- /dev/null
+++ b/changes/bug5572
@@ -0,0 +1,5 @@
+ o Major bugfixes:
+ - Make sure we create the keys directory if it doesn't exist and we're
+ about to store the dynamic diffie hellman parameters. Fixes bug 5572;
+ bugfix on 0.2.3.13-alpha.
+
diff --git a/src/or/config.c b/src/or/config.c
index 75a1bd2df1..696bbd0440 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -1332,7 +1332,6 @@ options_act(const or_options_t *old_options)
 or_options_t *options = get_options_mutable();
 int running_tor = options->command == CMD_RUN_TOR;
 char *msg;
- char *keydir;
 const int transition_affects_workers = old_options &&
 options_transition_affects_workers(old_options, options);
 
@@ -1459,35 +1458,18 @@ options_act(const or_options_t *old_options)
 }
 
 /* If needed, generate a new TLS DH prime according to the current torrc. */
- if (server_mode(options)) {
- if (!old_options) {
- if (options->DynamicDHGroups) {
- char *fname = get_datadir_fname2("keys", "dynamic_dh_params");
- keydir = get_datadir_fname("keys");
- if (check_private_dir(keydir, CPD_CREATE, options->User)) {
- tor_free(keydir);
- return -1;
- }
- tor_free(keydir);
- crypto_set_tls_dh_prime(fname);
- tor_free(fname);
- } else {
- crypto_set_tls_dh_prime(NULL);
- }
- } else {
- if (options->DynamicDHGroups && !old_options->DynamicDHGroups) {
- char *fname = get_datadir_fname2("keys", "dynamic_dh_params");
- keydir = get_datadir_fname("keys");
- if (check_private_dir(keydir, CPD_CREATE, options->User)) {
- tor_free(keydir);
- return -1;
- }
- tor_free(keydir);
- crypto_set_tls_dh_prime(fname);
- tor_free(fname);
- } else if (!options->DynamicDHGroups && old_options->DynamicDHGroups) {
- crypto_set_tls_dh_prime(NULL);
- }
+ if (server_mode(options) && options->DynamicDHGroups) {
+ char *keydir = get_datadir_fname("keys");
+ if (check_private_dir(keydir, CPD_CREATE, options->User)) {
+ tor_free(keydir);
+ return -1;
+ }
+ tor_free(keydir);
+
+ if (!old_options || !old_options->DynamicDHGroups) {
+ char *fname = get_datadir_fname2("keys", "dynamic_dh_params");
+ crypto_set_tls_dh_prime(fname);
+ tor_free(fname);
 }
 } else { /* clients don't need a dynamic DH prime. */
 crypto_set_tls_dh_prime(NULL);
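Review bot: The inner guard `if (!old_options || !old_options->DynamicDHGroups)` only tests whether the option was toggled, so a reload that turns a client into a relay while DynamicDHGroups was already set in both configurations appears to skip `crypto_set_tls_dh_prime(fname)`. The relay would then keep whatever prime the earlier client-side `crypto_set_tls_dh_prime(NULL)` call installed. If that is not intended, the guard could also test the previous mode, e.g. `if (!old_options || !old_options->DynamicDHGroups || !server_mode(old_options)) {`. Separately, the `else` branch now also runs for relays with DynamicDHGroups off, and on every call rather than only on a transition, so its comment would be more accurate as `/* clients, and relays with DynamicDHGroups off, don't need a dynamic DH prime. */`. options_act() begins and ends outside this hunk, so this reading rests on the visible lines only.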