diff --git a/ChangeLog b/ChangeLog
index a11b2903d4..f4cb19e112 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -10,6 +10,11 @@ Changes in version 0.2.0.16-alpha - 2008-01-??
     - Reference-count and share copies of address policy entries; only
       5% of them were actually distinct.
 
+  o Minor bugfixes:
+    - When an authority has not signed a consensus, do not try to
+      download a nonexistant "certificate with key 00000000".  Bugfix
+      on 0.2.0.x. Fixes bug 569.
+
   o Minor features (controller):
     - Get NS events working again.  (Patch from tup)
 
diff --git a/src/or/routerlist.c b/src/or/routerlist.c
index 3ead01fd8a..7794d30fe5 100644
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@@ -328,8 +328,13 @@ authority_certs_fetch_missing(networkstatus_vote_t *status, time_t now)
       {
         trusted_dir_server_t *ds
           = trusteddirserver_get_by_v3_auth_digest(voter->identity_digest);
-        if (!ds)
+        if (!ds) /* XXXX020 This is wrong!!  If we're a cache, we should
+                  * download unrecognized signing keys so we can serve
+                  * them. */
           continue;
+        if (tor_digest_is_zero(voter->signing_key_digest))
+          continue; /* This authority never signed this consensus, so don't
+                     * go looking for a cert with key digest 0000000000. */
         if (authority_cert_get_by_digests(voter->identity_digest,
                                           voter->signing_key_digest)) {
           download_status_reset(&ds->cert_dl_status);