diff --git a/server/certificates/acme_client.go b/server/certificates/acme_client.go
index b380420..4797531 100644
--- a/server/certificates/acme_client.go
+++ b/server/certificates/acme_client.go
@@ -13,8 +13,8 @@ import (
 )
 
 type AcmeClient struct {
-	legoClient           *lego.Client
-	mainDomainLegoClient *lego.Client
+	legoClient              *lego.Client
+	dnsChallengerLegoClient *lego.Client
 
 	obtainLocks sync.Map
 
@@ -72,8 +72,8 @@ func NewAcmeClient(acmeAccountConf, acmeAPI, acmeMail, acmeEabHmac, acmeEabKID,
 	}
 
 	return &AcmeClient{
-		legoClient:           acmeClient,
-		mainDomainLegoClient: mainDomainAcmeClient,
+		legoClient:              acmeClient,
+		dnsChallengerLegoClient: mainDomainAcmeClient,
 
 		acmeUseRateLimits: acmeUseRateLimits,
 
diff --git a/server/certificates/certificates.go b/server/certificates/certificates.go
index 6cf22e0..cb7e158 100644
--- a/server/certificates/certificates.go
+++ b/server/certificates/certificates.go
@@ -300,7 +300,7 @@ func SetupMainDomainCertificates(mainDomainSuffix string, acmeClient *AcmeClient
 	}
 
 	if mainCertBytes == nil {
-		_, err = acmeClient.obtainCert(acmeClient.mainDomainLegoClient, []string{"*" + mainDomainSuffix, mainDomainSuffix[1:]}, nil, "", true, mainDomainSuffix, certDB)
+		_, err = acmeClient.obtainCert(acmeClient.dnsChallengerLegoClient, []string{"*" + mainDomainSuffix, mainDomainSuffix[1:]}, nil, "", true, mainDomainSuffix, certDB)
 		if err != nil {
 			log.Error().Err(err).Msg("Couldn't renew main domain certificate, continuing with mock certs only")
 		}
@@ -355,7 +355,7 @@ func MaintainCertDB(ctx context.Context, interval time.Duration, acmeClient *Acm
 			} else if tlsCertificates[0].NotAfter.Before(time.Now().Add(30 * 24 * time.Hour)) {
 				// renew main certificate 30 days before it expires
 				go (func() {
-					_, err = acmeClient.obtainCert(acmeClient.mainDomainLegoClient, []string{"*" + mainDomainSuffix, mainDomainSuffix[1:]}, res, "", true, mainDomainSuffix, certDB)
+					_, err = acmeClient.obtainCert(acmeClient.dnsChallengerLegoClient, []string{"*" + mainDomainSuffix, mainDomainSuffix[1:]}, res, "", true, mainDomainSuffix, certDB)
 					if err != nil {
 						log.Error().Err(err).Msg("Couldn't renew certificate for main domain")
 					}