diff --git a/scripts/pma-gateway/create_pma_gateway.sh b/scripts/pma-gateway/create_pma_gateway.sh
index 0acfd82..374d9ca 100644
--- a/scripts/pma-gateway/create_pma_gateway.sh
+++ b/scripts/pma-gateway/create_pma_gateway.sh
@@ -53,6 +53,95 @@ token="$base.$mac"
 # Secure the phpMyAdmin vhost with Rewrite Rules to block direct access
 VHOST_CONFIG="/usr/share/phpMyAdmin/vhost.conf"
 NEEDS_RESTART=0
+
+# If vhost config is missing or empty, recreate it from a known-good default.
+if [ ! -s "$VHOST_CONFIG" ]; then
+    echo "Warning: $VHOST_CONFIG is empty or missing. Recreating from default." >&2
+    sudo tee "$VHOST_CONFIG" > /dev/null <<'EOF'
+<?xml version="1.0" encoding="UTF-8"?>
+<virtualHostConfig>
+  <docRoot>/usr/share/phpMyAdmin/</docRoot>
+  <enableGzip>1</enableGzip>
+  <logging>
+    <log>
+      <useServer>0</useServer>
+      <fileName>$SERVER_ROOT/logs/error.log</fileName>
+      <logLevel>DEBUG</logLevel>
+      <rollingSize>10M</rollingSize>
+    </log>
+    <accessLog>
+      <useServer>0</useServer>
+      <fileName>$SERVER_ROOT/logs/access.log</fileName>
+      <rollingSize>10M</rollingSize>
+      <keepDays>30</keepDays>
+      <compressArchive>0</compressArchive>
+    </accessLog>
+  </logging>
+  <index>
+    <useServer>0</useServer>
+    <indexFiles>index.php, index.html</indexFiles>
+    <autoIndex>0</autoIndex>
+    <autoIndexURI>/_autoindex/default.php</autoIndexURI>
+  </index>
+  <customErrorPages>
+    <errorPage>
+      <errCode>404</errCode>
+      <url>/error404.html</url>
+    </errorPage>
+  </customErrorPages>
+  <htAccess>
+    <allowOverride>31</allowOverride>
+    <accessFileName>.htaccess</accessFileName>
+  </htAccess>
+  <expires>
+    <enableExpires>1</enableExpires>
+  </expires>
+  <security>
+    <wpProtectAction>0</wpProtectAction>
+    <hotlinkCtrl>
+      <enableHotlinkCtrl>0</enableHotlinkCtrl>
+      <suffixes>gif,  jpeg,  jpg</suffixes>
+      <allowDirectAccess>1</allowDirectAccess>
+      <onlySelf>1</onlySelf>
+    </hotlinkCtrl>
+    <accessControl>
+      <allow>*</allow>
+    </accessControl>
+  <wpProtectLimit>10</wpProtectLimit></security>
+  <cache>
+    <storage>
+      <cacheStorePath>/tmp/lscache/vhosts/$VH_NAME</cacheStorePath>
+    </storage>
+  </cache>
+  <rewrite>
+    <enable>0</enable>
+    <logLevel>0</logLevel>
+    <rules>RewriteCond %{HTTP_USER_AGENT}  ^NameOfBadRobot
+RewriteRule ^/nospider/         -   [F]</rules>
+  </rewrite>
+  <vhssl>
+    <keyFile>/var/www/ssl/litespeed.key</keyFile>
+    <certFile>/var/www/ssl/litespeed.crt</certFile>
+    <certChain>1</certChain>
+  </vhssl>
+  <frontPage>
+    <enable>0</enable>
+    <disableAdmin>0</disableAdmin>
+  </frontPage>
+  <awstats>
+    <updateMode>0</updateMode>
+    <workingDir>$VH_ROOT/awstats</workingDir>
+    <awstatsURI>/awstats/</awstatsURI>
+    <siteDomain>localhost</siteDomain>
+    <siteAliases>127.0.0.1 localhost</siteAliases>
+    <updateInterval>86400</updateInterval>
+    <updateOffset>0</updateOffset>
+  </awstats>
+</virtualHostConfig>
+EOF
+    NEEDS_RESTART=1
+fi
+
 if [ -f "$VHOST_CONFIG" ]; then
     MARKER="# PMA Gateway Security Rules"