diff --git a/server/certificates/certificates.go b/server/certificates/certificates.go
index 98ffe11..2663c67 100644
--- a/server/certificates/certificates.go
+++ b/server/certificates/certificates.go
@@ -517,16 +517,14 @@ func MaintainCertDB(ctx context.Context, interval time.Duration, mainDomainSuffi
 			tlsCertificates, err := certcrypto.ParsePEMBundle(res.Certificate)
 			if err != nil {
 				log.Error().Err(fmt.Errorf("could not parse cert for mainDomainSuffix: %w", err))
-			} else {
+			} else if tlsCertificates[0].NotAfter.Before(time.Now().Add(30 * 24 * time.Hour)) {
 				// renew main certificate 30 days before it expires
-				if tlsCertificates[0].NotAfter.Before(time.Now().Add(30 * 24 * time.Hour)) {
-					go (func() {
-						_, err = obtainCert(mainDomainAcmeClient, []string{"*" + mainDomainSuffix, mainDomainSuffix[1:]}, res, "", dnsProvider, mainDomainSuffix, acmeUseRateLimits, certDB)
-						if err != nil {
-							log.Error().Err(err).Msg("Couldn't renew certificate for main domain")
-						}
-					})()
-				}
+				go (func() {
+					_, err = obtainCert(mainDomainAcmeClient, []string{"*" + mainDomainSuffix, mainDomainSuffix[1:]}, res, "", dnsProvider, mainDomainSuffix, acmeUseRateLimits, certDB)
+					if err != nil {
+						log.Error().Err(err).Msg("Couldn't renew certificate for main domain")
+					}
+				})()
 			}
 		}