diff --git a/createlinks b/createlinks
index 4753b02..86783dc 100644
--- a/createlinks
+++ b/createlinks
@@ -212,3 +212,19 @@ safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/uqpsmtpd
 templates2events("/etc/systemd/system-preset/49-koozali.preset", $event);
 event_link("systemd-reload", $event, "89");
 event_link("systemd-default", $event, "88");
+
+$event = "dhparam-update";
+templates2events("/var/service/qpsmtpd/ssl/dhparam.pem", $event);
+safe_symlink("try-restart", "root/etc/e-smith/events/$event/services2adjust/qpsmtpd");
+safe_symlink("try-restart", "root/etc/e-smith/events/$event/services2adjust/sqpsmtpd");
+safe_symlink("try-restart", "root/etc/e-smith/events/$event/services2adjust/uqpsmtpd");
+
+
+$event = "smeserver-base-update";
+templates2events("/var/service/qpsmtpd/ssl/dhparam.pem", $event);
+safe_symlink("try-restart", "root/etc/e-smith/events/$event/services2adjust/qpsmtpd");
+safe_symlink("try-restart", "root/etc/e-smith/events/$event/services2adjust/sqpsmtpd");
+safe_symlink("try-restart", "root/etc/e-smith/events/$event/services2adjust/uqpsmtpd");
+
+
+
diff --git a/root/etc/e-smith/templates.metadata/var/service/qpsmtpd/ssl/dhparam.pem b/root/etc/e-smith/templates.metadata/var/service/qpsmtpd/ssl/dhparam.pem
new file mode 100644
index 0000000..18264f0
--- /dev/null
+++ b/root/etc/e-smith/templates.metadata/var/service/qpsmtpd/ssl/dhparam.pem
@@ -0,0 +1,5 @@
+TEMPLATE_PATH="/home/e-smith/dh.pem"
+OUTPUT_FILENAME="/var/service/qpsmtpd/ssl/dhparam.pem"
+UID="root"
+GID="root"
+PERMS=0644
diff --git a/root/sbin/e-smith/systemd/qpsmtpd-init b/root/sbin/e-smith/systemd/qpsmtpd-init
index 623c67a..af5a23a 100755
--- a/root/sbin/e-smith/systemd/qpsmtpd-init
+++ b/root/sbin/e-smith/systemd/qpsmtpd-init
@@ -30,10 +30,6 @@ export QPSMTPD_CONFIG=/var/service/$ServiceName/config
 [ -e /var/service/qpsmtpd/config/badrcptto_patterns ] && \
     rm -f /var/service/qpsmtpd/config/badrcptto_patterns
 
-# Create dhparam
-[ -s /var/service/qpsmtpd/ssl/dhparam.pem ] || \
-    RANDFILE=/dev/null /usr/bin/openssl dhparam -out /var/service/qpsmtpd/ssl/dhparam.pem 2048
-
 # Create a default dkim key pair
 [ -s /home/e-smith/dkim_keys/default/private ] || (\
     RANDFILE=/dev/null /usr/bin/openssl genrsa -out /home/e-smith/dkim_keys/default/private 2048
diff --git a/root/usr/lib/systemd/system/qpsmtpd.service b/root/usr/lib/systemd/system/qpsmtpd.service
index 2534466..8297fac 100644
--- a/root/usr/lib/systemd/system/qpsmtpd.service
+++ b/root/usr/lib/systemd/system/qpsmtpd.service
@@ -12,6 +12,7 @@ WorkingDirectory=/var/service/qpsmtpd/
 
 ExecStartPre=/sbin/e-smith/service-status qpsmtpd
 ExecStartPre=/sbin/e-smith/systemd/qpsmtpd-init %N
+ExecStartPre=-/sbin/e-smith/expand-template /var/service/qpsmtpd/ssl/dhparam.pem
 ExecStart=/usr/bin/qpsmtpd-forkserver \
         -u qpsmtpd \
         -l 0.0.0.0 \
diff --git a/root/usr/lib/systemd/system/sqpsmtpd.service b/root/usr/lib/systemd/system/sqpsmtpd.service
index 21dcb1e..f6f5182 100644
--- a/root/usr/lib/systemd/system/sqpsmtpd.service
+++ b/root/usr/lib/systemd/system/sqpsmtpd.service
@@ -12,6 +12,7 @@ WorkingDirectory=/var/service/sqpsmtpd/
 
 ExecStartPre=/sbin/e-smith/service-status qpsmtpd
 ExecStartPre=/sbin/e-smith/systemd/qpsmtpd-init %N
+ExecStartPre=-/sbin/e-smith/expand-template /var/service/qpsmtpd/ssl/dhparam.pem
 ExecStart=/usr/bin/qpsmtpd-forkserver \
         -u qpsmtpd \
         -l 0.0.0.0 \
diff --git a/root/usr/lib/systemd/system/uqpsmtpd.service b/root/usr/lib/systemd/system/uqpsmtpd.service
index 9c66078..98cf24a 100644
--- a/root/usr/lib/systemd/system/uqpsmtpd.service
+++ b/root/usr/lib/systemd/system/uqpsmtpd.service
@@ -12,6 +12,7 @@ WorkingDirectory=/var/service/uqpsmtpd/
 
 ExecStartPre=/sbin/e-smith/service-status uqpsmtpd
 ExecStartPre=/sbin/e-smith/systemd/qpsmtpd-init %N
+ExecStartPre=-/sbin/e-smith/expand-template /var/service/qpsmtpd/ssl/dhparam.pem
 ExecStart=/usr/bin/qpsmtpd-forkserver \
         -u qpsmtpd \
         -l 0.0.0.0 \
diff --git a/smeserver-qpsmtpd.spec b/smeserver-qpsmtpd.spec
index 6c28c95..8d54906 100644
--- a/smeserver-qpsmtpd.spec
+++ b/smeserver-qpsmtpd.spec
@@ -4,7 +4,7 @@ Summary: SME Server qpsmtpd module
 %define name smeserver-qpsmtpd
 Name: %{name}
 %define version 11.0.0
-%define release 14
+%define release 15
 Version: %{version}
 Release: %{release}%{?dist}
 License: GPL
@@ -46,6 +46,9 @@ AutoReqProv: no
 SME Server qpsmtpd smtpd module
 
 %changelog
+* Tue Mar 18 2025 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-15.sme
+- change dhparam generation [SME: 12814]
+
 * Thu Mar 06 2025 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-14.sme
 - cleanup of qpsmptd spool [SME: 11671]