diff --git a/internal/autocert/provider.go b/internal/autocert/provider.go
index a269924..58e9afa 100644
--- a/internal/autocert/provider.go
+++ b/internal/autocert/provider.go
@@ -5,10 +5,11 @@ import (
 	"crypto/x509"
 	"errors"
 	"fmt"
+	"maps"
 	"os"
 	"path"
-	"reflect"
-	"sort"
+	"slices"
+	"strings"
 	"time"
 
 	"github.com/go-acme/lego/v4/certificate"
@@ -283,22 +284,19 @@ func (p *Provider) certState() CertState {
 		return CertStateExpired
 	}
 
-	certDomains := make([]string, len(p.certExpiries))
-	wantedDomains := make([]string, len(p.cfg.Domains))
-	i := 0
-	for domain := range p.certExpiries {
-		certDomains[i] = domain
-		i++
-	}
-	copy(wantedDomains, p.cfg.Domains)
-	sort.Strings(wantedDomains)
-	sort.Strings(certDomains)
-
-	if !reflect.DeepEqual(certDomains, wantedDomains) {
-		log.Info().Msgf("cert domains mismatch: %v != %v", certDomains, p.cfg.Domains)
+	if len(p.certExpiries) != len(p.cfg.Domains) {
 		return CertStateMismatch
 	}
 
+	for i := range len(p.cfg.Domains) {
+		if _, ok := p.certExpiries[p.cfg.Domains[i]]; !ok {
+			log.Info().Msgf("autocert domains mismatch: cert: %s, wanted: %s",
+				strings.Join(slices.Collect(maps.Keys(p.certExpiries)), ", "),
+				strings.Join(p.cfg.Domains, ", "))
+			return CertStateMismatch
+		}
+	}
+
 	return CertStateValid
 }