diff --git a/src/pki/acme.go b/src/pki/acme.go
index 411066a..cb99439 100644
--- a/src/pki/acme.go
+++ b/src/pki/acme.go
@@ -9,6 +9,7 @@ import (
 "encoding/pem"
 "fmt"
 "log"
+ "time"

 "git.paulbsd.com/paulbsd/pki/src/cert"
 "git.paulbsd.com/paulbsd/pki/src/config"
@@ -29,7 +30,13 @@ func (u *User) Init(cfg *config.Config) (err error) {

 // GetEntry returns requested acme ressource in database relative to domain
 func (u *User) GetEntry(cfg *config.Config, domain string) (Entry cert.Entry, err error) {
- has, err := cfg.Db.Where("domain = ?", domain).Get(&Entry)
+ todaydate := time.Now().Format("2006-01-02")
+ requireddate := time.Now().AddDate(0, 0, -cfg.ACME.MaxDaysBefore).Format("2006-01-02")
+
+ has, err := cfg.Db.Where("domain = ?", domain).Where(
+ "validity_begin < ?::date", todaydate).Where(
+ "validity_end > ?::date", requireddate).Where(
+ "auth_url = ?", cfg.ACME.AuthURL).Get(&Entry)
 if !has {
 err = fmt.Errorf("Entry doesn't exists")
 }
diff --git a/src/pkiws/serverhandle.go b/src/pkiws/serverhandle.go
index 8e0b823..8670a05 100644
--- a/src/pkiws/serverhandle.go
+++ b/src/pkiws/serverhandle.go
@@ -69,11 +69,6 @@ func GetDates(cert []byte) (NotBefore time.Time, NotAfter time.Time, err error)
 return
 }

-// NeedRenewal is an unimplemented method
-func NeedRenewal(cfg config.Config) (res bool, err error) {
- return
-}
-
 // convertEntryToResponse converts database ACME entry to JSON ACME entry
 func convertEntryToResponse(in cert.Entry) (out EntryResponse) {
 out.Domain = in.Domain
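Review bot: In the GetEntry hunk of src/pki/acme.go, the `validity_end > ?::date` filter compares against `requireddate`, which is today minus `cfg.ACME.MaxDaysBefore`, so an entry that expired up to that many days ago still matches and can be handed back as a usable certificate. If MaxDaysBefore is meant as the renewal lead time (its definition is not visible here), the offset should be added rather than subtracted: `requireddate := time.Now().AddDate(0, 0, cfg.ACME.MaxDaysBefore).Format("2006-01-02")`. Both dates are formatted from local time, while the stored validity bounds presumably come from the certificate's UTC NotBefore/NotAfter, so deriving both from a single `now := time.Now().UTC()` would avoid a one-day skew around midnight. Several rows can now satisfy the filter for one domain and `Get` takes whichever comes first, so an explicit ordering on `validity_end` would make the selection deterministic. GetEntry's body continues past the end of the hunk.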