just use expirable cache

server/certificates/certificates.go

@@ -14,7 +14,7 @@ import (
 	"github.com/go-acme/lego/v4/certificate"
 	"github.com/go-acme/lego/v4/challenge/tlsalpn01"
 	"github.com/go-acme/lego/v4/lego"
-	lru "github.com/hashicorp/golang-lru/v2"
+	"github.com/hashicorp/golang-lru/v2/expirable"
 	"github.com/reugn/equalizer"
 	"github.com/rs/zerolog/log"
 
@@ -37,10 +37,7 @@ func TLSConfig(mainDomainSuffix string,
 	noDNS01 bool,
 	rawDomain string,
 ) *tls.Config {
-	keyCache, err := lru.New[string, *tls.Certificate](32)
-	if err != nil {
-		panic(err) // This should only happen if 32 < 0 at the time of writing, which should be reason enough to panic.
-	}
+	keyCache := expirable.NewLRU[string, *tls.Certificate](32, nil, 24*time.Hour)
 
 	return &tls.Config{
 		// check DNS name & get certificate from Let's Encrypt
@@ -112,13 +109,8 @@ func TLSConfig(mainDomainSuffix string,
 			}
 
 			if tlsCertificate, ok := keyCache.Get(domain); ok {
-				if tlsCertificate.Leaf.NotAfter.Before(time.Now().Add(7 * 24 * time.Hour)) {
-					// if cert is up for renewal remove it from the cache
-					keyCache.Remove(domain)
-				} else {
-					// we can use an existing certificate object
-					return tlsCertificate, nil
-				}
+				// we can use an existing certificate object
+				return tlsCertificate, nil
 			}
 
 			var tlsCertificate *tls.Certificate
@@ -143,7 +135,6 @@ func TLSConfig(mainDomainSuffix string,
 				}
 			}
 
-			log.Error().Interface("cert", tlsCertificate).Msg("AAAAAAAAAAAAAAAAAAAAAAAAAAAAa")
 			keyCache.Add(domain, tlsCertificate)
 
 			return tlsCertificate, nil