diff --git a/src/pki/acme.go b/src/pki/acme.go
index 9f74f6d..6f63236 100644
--- a/src/pki/acme.go
+++ b/src/pki/acme.go
@@ -10,7 +10,6 @@ import (
 	"fmt"
 	"log"
 	"strings"
-	"time"
 
 	"git.paulbsd.com/paulbsd/pki/src/cert"
 	"git.paulbsd.com/paulbsd/pki/src/config"
@@ -31,10 +30,9 @@ func (u *User) Init(cfg *config.Config) (err error) {
 
 // GetEntry returns requested acme ressource in database relative to domain
 func (u *User) GetEntry(cfg *config.Config, domains []string) (Entry cert.Entry, err error) {
-	renewaldate := time.Now().AddDate(0, 0, -cfg.ACME.MaxDaysBefore).Format("2006-01-02")
 
 	has, err := cfg.Db.Where("domains = ?", strings.Join(domains, ",")).Where(
-		"validity_end >= ?::timestamp", renewaldate).Where(
+		"validity_end::timestamp-'? DAY'::INTERVAL >= now()", cfg.ACME.MaxDaysBefore).Where(
 		"auth_url = ?", cfg.ACME.AuthURL).Desc(
 		"id").Get(&Entry)