diff --git a/changelog/unreleased/bugfix-idp-init-certificate-empty-file b/changelog/unreleased/bugfix-idp-init-certificate-empty-file
new file mode 100644
index 000000000..0b0967669
--- /dev/null
+++ b/changelog/unreleased/bugfix-idp-init-certificate-empty-file
@@ -0,0 +1,6 @@
+Bugfix: Autocreate IDP private key also if file exists but is empty
+
+We've fixed the behavior for the IDP private key generation so that
+a private key is also generated when the file already exists but is empty.
+
+https://github.com/owncloud/ocis/pull/4394
diff --git a/services/idp/pkg/command/server.go b/services/idp/pkg/command/server.go
index 6e6be436a..4991a385e 100644
--- a/services/idp/pkg/command/server.go
+++ b/services/idp/pkg/command/server.go
@@ -161,12 +161,12 @@ func ensureEncryptionSecretExists(path string) error {
 
 func ensureSigningPrivateKeyExists(paths []string) error {
 	for _, path := range paths {
-		_, err := os.Stat(path)
-		if err == nil {
-			// If the file exists we can just return
+		file, err := os.Stat(path)
+		if err == nil && file.Size() > 0 {
+			// If the file exists and is not empty we can just return
 			return nil
 		}
-		if !errors.Is(err, fs.ErrNotExist) {
+		if !errors.Is(err, fs.ErrNotExist) && file.Size() > 0 {
 			return err
 		}