diff --git a/docs/changelog.txt b/docs/changelog.txt
index 952980f..1f15a67 100644
--- a/docs/changelog.txt
+++ b/docs/changelog.txt
@@ -2,6 +2,8 @@ changelog
 
 -- next
 
++ Try a little harder to recover from httpsig failures.
+
 + Add cite tag for block quote attributions.
 
 + @media print styles.
diff --git a/fun.go b/fun.go
index a2371ea..86f89b0 100644
--- a/fun.go
+++ b/fun.go
@@ -28,6 +28,7 @@ import (
 	"os"
 	"regexp"
 	"strings"
+	"time"
 
 	"golang.org/x/net/html"
 	"humungus.tedunangst.com/r/webs/cache"
@@ -613,6 +614,12 @@ func zaggy(keyname string) *rsa.PublicKey {
 	return key
 }
 
+func savingthrow(keyname string) {
+	when := time.Now().UTC().Sub(30 * time.Minute).Format(dbtimeformat)
+	stmtDeleteXonker.Exec(keyname, "pubkey", when)
+	zaggies.Clear(keyname)
+}
+
 func keymatch(keyname string, actor string) string {
 	hash := strings.IndexByte(keyname, '#')
 	if hash == -1 {
diff --git a/web.go b/web.go
index 950623d..62c07b1 100644
--- a/web.go
+++ b/web.go
@@ -330,6 +330,10 @@ func inbox(w http.ResponseWriter, r *http.Request) {
 	}
 
 	keyname, err := httpsig.VerifyRequest(r, payload, zaggy)
+	if err != nil && keyname != "" {
+		savingthrow(keyname)
+		keyname, err = httpsig.VerifyRequest(r, payload, zaggy)
+	}
 	if err != nil {
 		log.Printf("inbox message failed signature for %s from %s", keyname, r.Header.Get("X-Forwarded-For"))
 		if keyname != "" {
@@ -460,6 +464,10 @@ func serverinbox(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	keyname, err := httpsig.VerifyRequest(r, payload, zaggy)
+	if err != nil && keyname != "" {
+		savingthrow(keyname)
+		keyname, err = httpsig.VerifyRequest(r, payload, zaggy)
+	}
 	if err != nil {
 		log.Printf("inbox message failed signature for %s from %s", keyname, r.Header.Get("X-Forwarded-For"))
 		if keyname != "" {