diff --git a/caddy/caddy_test.go b/caddy/caddy_test.go
index 24a5d302..be40075d 100644
--- a/caddy/caddy_test.go
+++ b/caddy/caddy_test.go
@@ -4,20 +4,9 @@ import (
 	"net/http"
 	"testing"
 	"time"
-
-	"github.com/mholt/caddy/caddy/https"
-	"github.com/xenolf/lego/acme"
 )
 
 func TestCaddyStartStop(t *testing.T) {
-	// Use fake ACME clients for testing
-	https.NewACMEClient = func(email string, allowPrompts bool) (*https.ACMEClient, error) {
-		return &https.ACMEClient{
-			Client: new(acme.Client),
-			AllowPrompts: allowPrompts,
-		}, nil
-	}
-
 	caddyfile := "localhost:1984"
 
 	for i := 0; i < 2; i++ {
diff --git a/caddy/https/https.go b/caddy/https/https.go
index 4f8e989c..776425bf 100644
--- a/caddy/https/https.go
+++ b/caddy/https/https.go
@@ -68,12 +68,7 @@ func Activate(configs []server.Config) ([]server.Config, error) {
 	// the renewal ticker is reset, so if restarts happen more often than
 	// the ticker interval, renewals would never happen. but doing
 	// it right away at start guarantees that renewals aren't missed.
-	client, err := NewACMEClient("", true) // renewals don't use email
-	if err != nil {
-		return configs, err
-	}
-	client.Configure("")
-	err = renewManagedCertificates(client)
+	err = renewManagedCertificates(true)
 	if err != nil {
 		return configs, err
 	}
diff --git a/caddy/https/maintain.go b/caddy/https/maintain.go
index 03d841c7..9aa293d0 100644
--- a/caddy/https/maintain.go
+++ b/caddy/https/maintain.go
@@ -24,13 +24,7 @@ func maintainAssets(stopChan chan struct{}) {
 	select {
 	case <-renewalTicker.C:
 		log.Println("[INFO] Scanning for expiring certificates")
-		client, err := NewACMEClient("", false) // renewals don't use email
-		if err != nil {
-			log.Printf("[ERROR] Creating client for renewals: %v", err)
-			continue
-		}
-		client.Configure("") // TODO: Bind address of relevant listener, yuck
-		renewManagedCertificates(client)
+		renewManagedCertificates(false)
 		log.Println("[INFO] Done checking certificates")
 	case <-ocspTicker.C:
 		log.Println("[INFO] Scanning for stale OCSP staples")
@@ -45,8 +39,9 @@ func maintainAssets(stopChan chan struct{}) {
 	}
 }
 
-func renewManagedCertificates(client *ACMEClient) error {
+func renewManagedCertificates(allowPrompts bool) (err error) {
 	var renewed, deleted []Certificate
+	var client *ACMEClient
 	visitedNames := make(map[string]struct{})
 
 	certCacheMu.RLock()
@@ -73,6 +68,15 @@ func renewManagedCertificates(client *ACMEClient) error {
 		timeLeft := cert.NotAfter.Sub(time.Now().UTC())
 		if timeLeft < renewDurationBefore {
 			log.Printf("[INFO] Certificate for %v expires in %v; attempting renewal", cert.Names, timeLeft)
+
+			if client == nil {
+				client, err = NewACMEClient("", allowPrompts) // renewals don't use email
+				if err != nil {
+					return err
+				}
+				client.Configure("") // TODO: Bind address of relevant listener, yuck
+			}
+
 			err := client.Renew(cert.Names[0]) // managed certs better have only one name
 			if err != nil {
 				if client.AllowPrompts {
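Review bot: The renewal ticker branch discards the error from `renewManagedCertificates(false)`, and after this commit that error includes the ACME client construction failure which the removed lines logged as `[ERROR] Creating client for renewals`, so a client that cannot be built is now ignored silently on every tick. Check and log the result: `if err := renewManagedCertificates(false); err != nil { log.Printf("[ERROR] Renewing certificates: %v", err) }`. The Activate caller in https.go still checks the return, so only this periodic path loses the signal. maintainAssets starts and ends outside the hunk.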
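Review bot: The new `return err` after a failed `NewACMEClient` leaves renewManagedCertificates while `certCacheMu.RLock()` (taken in the previous hunk) is still held; no deferred RUnlock is visible, and if the lock is released manually after the loop — which the existing `client.AllowPrompts` failure path suggests — every such early exit leaks a read lock and a later `certCacheMu.Lock()` would block for good. Release it before returning, `certCacheMu.RUnlock()` immediately ahead of `return err`, or move the lock to a defer so all exits are covered. Separately, the following `err := client.Renew(...)` now shadows the named result `err` introduced in the signature change above, which vet's shadow check will flag; `err = client.Renew(cert.Names[0])` keeps a single variable. renewManagedCertificates continues outside the hunk.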