diff --git a/daemon/unbound.c b/daemon/unbound.c
index 432aa912e..10ab082e2 100644
--- a/daemon/unbound.c
+++ b/daemon/unbound.c
@@ -421,17 +421,6 @@ perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode,
 	w_config_adjust_directory(cfg);
 #endif
 
-	/* init syslog (as root) if needed, before daemonize, otherwise
-	 * a fork error could not be printed since daemonize closed stderr.*/
-	if(cfg->use_syslog) {
-		log_init(cfg->logfile, cfg->use_syslog, cfg->chrootdir);
-	}
-	/* if using a logfile, we cannot open it because the logfile would
-	 * be created with the wrong permissions, we cannot chown it because
-	 * we cannot chown system logfiles, so we do not open at all.
-	 * So, using a logfile, the user does not see errors unless -d is
-	 * given to unbound on the commandline. */
-
 	/* read ssl keys while superuser and outside chroot */
 #ifdef HAVE_SSL
 	if(!(daemon->rc = daemon_remote_create(cfg)))
@@ -445,6 +434,17 @@ perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode,
 		fatal_exit("could not set up connect SSL_CTX");
 #endif
 
+	/* init syslog (as root) if needed, before daemonize, otherwise
+	 * a fork error could not be printed since daemonize closed stderr.*/
+	if(cfg->use_syslog) {
+		log_init(cfg->logfile, cfg->use_syslog, cfg->chrootdir);
+	}
+	/* if using a logfile, we cannot open it because the logfile would
+	 * be created with the wrong permissions, we cannot chown it because
+	 * we cannot chown system logfiles, so we do not open at all.
+	 * So, using a logfile, the user does not see errors unless -d is
+	 * given to unbound on the commandline. */
+
 #ifdef HAVE_KILL
 	/* true if pidfile is inside chrootdir, or nochroot */
 	pidinchroot = need_pidfile && (!(cfg->chrootdir && cfg->chrootdir[0]) ||
diff --git a/doc/Changelog b/doc/Changelog
index 9c3724007..865cd6714 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,6 +1,8 @@
 23 January 2018: Wouter
 	- Fix that unbound-checkconf -f flag works with auto-trust-anchor-file
 	  for startup scripts to get the full pathname(s) of anchor file(s).
+	- Print fatal errors about remote control setup before log init,
+	  so that it is printed to console.
 
 22 January 2018: Wouter
 	- Accept tls-upstream in unbound.conf, the ssl-upstream keyword is