diff --git a/doc/Changelog b/doc/Changelog
index fb882bb47..afc30ad9e 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,7 @@
+9 December 2008: Wouter
+	- bug #221 fixed: unbound checkconf checks if key files exist if
+	  remote control is enabled. Also fixed NULL printf when not chrooted.
+
 3 December 2008: Wouter
 	- Fix problem reported by Jaco Engelbrecht where unbound-control stats
 	  freezes up unbound if this was compiled without threading, and
diff --git a/smallapp/unbound-checkconf.c b/smallapp/unbound-checkconf.c
index 539710270..4a0dd9c48 100644
--- a/smallapp/unbound-checkconf.c
+++ b/smallapp/unbound-checkconf.c
@@ -239,8 +239,12 @@ check_chroot_string(const char* desc, char** ss,
 		*ss = fname_after_chroot(str, cfg, 1);
 		if(!*ss) fatal_exit("out of memory");
 		if(!is_file(*ss)) {
-			fatal_exit("%s: \"%s\" does not exist in chrootdir %s", 
-				desc, str, chrootdir);
+			if(chrootdir && chrootdir[0])
+				fatal_exit("%s: \"%s\" does not exist in "
+					"chrootdir %s", desc, str, chrootdir);
+			else
+				fatal_exit("%s: \"%s\" does not exist", 
+					desc, str);
 		}
 		/* put in a new full path for continued checking */
 		free(str);
@@ -347,6 +351,18 @@ morechecks(struct config_file* cfg, const char* fname)
 		endpwent();
 	}
 #endif
+	if(cfg->remote_control_enable) {
+		check_chroot_string("server-key-file", &cfg->server_key_file,
+			cfg->chrootdir, cfg);
+		check_chroot_string("server-cert-file", &cfg->server_cert_file,
+			cfg->chrootdir, cfg);
+		if(!is_file(cfg->control_key_file))
+			fatal_exit("control-key-file: \"%s\" does not exist",
+				cfg->control_key_file);
+		if(!is_file(cfg->control_cert_file))
+			fatal_exit("control-cert-file: \"%s\" does not exist",
+				cfg->control_cert_file);
+	}
 
 	localzonechecks(cfg);
 }