diff --git a/object/cert.go b/object/cert.go
index cf02403..3ac0483 100644
--- a/object/cert.go
+++ b/object/cert.go
@@ -16,6 +16,7 @@ package object
 
 import (
 	"fmt"
+	"time"
 
 	"github.com/casbin/caswaf/certificate"
 	"github.com/casbin/caswaf/util"
@@ -183,3 +184,20 @@ func RenewCert(cert *Cert) (bool, error) {
 
 	return UpdateCert(cert.GetId(), cert)
 }
+
+func (cert *Cert) isCertNearExpire() (bool, error) {
+	if cert.ExpireTime == "" {
+		return true, nil
+	}
+
+	expireTime, err := time.Parse(time.RFC3339, cert.ExpireTime)
+	if err != nil {
+		return false, err
+	}
+
+	now := time.Now()
+	duration := expireTime.Sub(now)
+	res := duration <= 7*24*time.Hour
+
+	return res, nil
+}
diff --git a/object/site_cert.go b/object/site_cert.go
index 7241501..6e2fb65 100644
--- a/object/site_cert.go
+++ b/object/site_cert.go
@@ -196,7 +196,15 @@ func (site *Site) checkCerts() error {
 		}
 
 		if cert != nil {
-			continue
+			var nearExpire bool
+			nearExpire, err = cert.isCertNearExpire()
+			if err != nil {
+				return err
+			}
+
+			if !nearExpire {
+				continue
+			}
 		}
 
 		err = site.updateCertForDomain(domain)