diff --git a/src/dccutil.c b/src/dccutil.c
index b3a80e2cb..b7fce3acc 100644
--- a/src/dccutil.c
+++ b/src/dccutil.c
@@ -276,6 +276,8 @@ void dcc_chatter(int idx)
 dcc[idx].u.chat->channel = 234567;
 j = dcc[idx].sock;
 strcpy(dcc[idx].u.chat->con_chan, "***");
+ if (is_owner(dcc[idx].user))
+ verify_cert_expiry(idx);
 check_tcl_chon(dcc[idx].nick, dcc[idx].sock);
 /* Still there? */
 if ((idx >= dcc_total) || (dcc[idx].sock != j))
diff --git a/src/main.c b/src/main.c
index a9f3df2c3..f18c09123 100644
--- a/src/main.c
+++ b/src/main.c
@@ -680,7 +680,6 @@ static void core_secondly()
 logs[j].f = NULL;
 }
 }
- verify_cert_expiry();
 }
 }
 if (nowtm.tm_min == notify_users_at)
@@ -706,6 +705,7 @@ static void core_secondly()
 movefile(logs[i].filename, s);
 }
 }
+ verify_cert_expiry(0);
 }
 }
 }
diff --git a/src/proto.h b/src/proto.h
index 79327e7d6..ce8f282d8 100644
--- a/src/proto.h
+++ b/src/proto.h
@@ -310,7 +310,7 @@ int readtclprog(char *fname);
 /* tls.c */
 #ifdef TLS
-void verify_cert_expiry(void);
+void verify_cert_expiry(int);
 int ssl_handshake(int, int, int, int, char *, IntFunc);
 char *ssl_fpconv(char *in, char *out);
 const char *ssl_getuid(int sock);
diff --git a/src/tls.c b/src/tls.c
index 001da9dd7..6e40e3774 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -109,11 +109,15 @@ static int ssl_seed(void)
 return 0;
 }
-void verify_cert_expiry(void) {
+void verify_cert_expiry(int idx) {
 X509 *x509;
 if ((x509 = SSL_CTX_get0_certificate(ssl_ctx)) &&
- (ASN1_TIME_cmp_time_t(X509_get0_notAfter(x509), time(NULL)) < 0))
- putlog(LOG_MISC, "*", "WARNING: certificate expired: %s", tls_certfile);
+ (ASN1_TIME_cmp_time_t(X509_get0_notAfter(x509), time(NULL)) < 0)) {
+ if (idx)
+ dprintf(idx,"WARNING: certificate expired: %s\n", tls_certfile);
+ else
+ putlog(LOG_MISC, "*", "WARNING: certificate expired: %s", tls_certfile);
+ }
 }
 /* Prepares and initializes SSL stuff
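Review bot: The new `verify_cert_expiry(idx);` call in dcc_chatter has no `#ifdef TLS` around it in the visible lines, while proto.h declares the function only inside `#ifdef TLS` and it is defined in tls.c. Unless a guard sits outside the hunk, a build without TLS gets an implicit declaration and an unresolved symbol. Wrapping both added lines in `#ifdef TLS` / `#endif` would keep non-TLS builds working, and the same applies to the `verify_cert_expiry(0);` call added to core_secondly in src/main.c. dcc_chatter's body starts and ends outside the hunk.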
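Review bot: `if (idx)` in verify_cert_expiry uses 0 as the "write to the log" sentinel, but nothing in this diff rules out 0 as a live dcc index (dcc_chatter passes its idx straight through), so an owner whose session sits in slot 0 would get the log line instead of the partyline warning. A negative sentinel avoids the overlap: `if (idx >= 0)` here, with the callers in core_secondly and ssl_init passing `-1`. A one-line comment above the function, for example `/* Warn about an expired TLS certificate: to dcc[idx] if idx is valid, otherwise to the log. */`, would document the parameter, which proto.h leaves unnamed. It is also worth confirming that ssl_ctx cannot be NULL on the new dcc_chatter path, since `SSL_CTX_get0_certificate(ssl_ctx)` is called on it unconditionally.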
@@ -164,7 +168,7 @@ int ssl_init()
 tls_certfile, ERR_error_string(ERR_get_error(), NULL));
 fatal("Unable to load TLS certificate (ssl-certificate config setting)!", 0);
 }
- verify_cert_expiry();
+ verify_cert_expiry(0);
 if (SSL_CTX_use_PrivateKey_file(ssl_ctx, tls_keyfile, SSL_FILETYPE_PEM) != 1) {
 putlog(LOG_MISC, "*", "ERROR: TLS: unable to load private key from %s: %s",
 tls_keyfile, ERR_error_string(ERR_get_error(), NULL));