diff --git a/scripts/installer.sh b/scripts/installer.sh
index e5311652f..3f2d7362d 100755
--- a/scripts/installer.sh
+++ b/scripts/installer.sh
@@ -50,16 +50,9 @@ if ! id "${USER}" 2>/dev/null; then
     useradd "${USER}" -m
 fi
 
-# This is here, since the splash screen needs this file to be present :-(
-readonly DATA_DIR="/home/${USER}/data"
-if [[ ! -f "${DATA_DIR}/nginx/cert/dhparams.pem" ]]; then
-    mkdir -p "${DATA_DIR}/nginx/cert/"
-    openssl dhparam -out "${DATA_DIR}/nginx/cert/dhparams.pem" 2048
-fi
-
 if [[ "${is_update}" == "yes" ]]; then
     echo "Setting up update splash screen"
-    "${box_src_tmp_dir}/setup/splashpage.sh" --data "${arg_data}" # show splash from new code
+    "${box_src_tmp_dir}/setup/splashpage.sh" --data "${arg_data}" || true # show splash from new code
     ${BOX_SRC_DIR}/setup/stop.sh # stop the old code
 fi
 
diff --git a/setup/start.sh b/setup/start.sh
index 99f03f973..d56002336 100755
--- a/setup/start.sh
+++ b/setup/start.sh
@@ -205,6 +205,10 @@ if ! grep "^Restart=" /etc/systemd/system/multi-user.target.wants/nginx.service;
     echo -e "\n[Service]\nRestart=always\n" >> /etc/systemd/system/multi-user.target.wants/nginx.service
     systemctl daemon-reload
 fi
+# This is here, since the splash screen needs this file to be present :-(
+if [[ ! -f "${BOX_DATA_DIR}/dhparams.pem" ]]; then
+    openssl dhparam -out "${BOX_DATA_DIR}/dhparams.pem" 2048
+fi
 systemctl start nginx
 
 # bookkeep the version as part of data
diff --git a/setup/start/nginx/appconfig.ejs b/setup/start/nginx/appconfig.ejs
index 002a5eaa2..a53ec2b30 100644
--- a/setup/start/nginx/appconfig.ejs
+++ b/setup/start/nginx/appconfig.ejs
@@ -27,7 +27,7 @@ server {
     ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # don't use SSLv3 ref: POODLE
     # ciphers according to https://weakdh.org/sysadmin.html
     ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
-    ssl_dhparam /home/yellowtent/data/nginx/cert/dhparams.pem;
+    ssl_dhparam /home/yellowtent/boxdata/dhparams.pem;
     add_header Strict-Transport-Security "max-age=15768000";
 
     # https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options