diff --git a/src/cert.rs b/src/cert.rs
index 591bb9c..50ddd5f 100644
--- a/src/cert.rs
+++ b/src/cert.rs
@@ -26,7 +26,7 @@ pub fn load_certificate(cert_fn: &str, key_fn: &str) -> Result<(Certificate, Str
 }
 
 pub fn issue_certificate(issuer_certificate: &Certificate, domain: &str) -> Result<Cert, String> {
-    let cert = new_end_entity(domain)?;
+    let cert = build_certificate(domain)?;
     log::info!("New certificate for: {} -> {}", domain, hex::encode(cert.get_key_identifier()));
 
     let cert_pem = cert.serialize_pem_with_signer(issuer_certificate)
@@ -59,7 +59,7 @@ fn parse_pkcs8(pem: &str) -> String {
     pem.to_string()
 }
 
-fn new_end_entity(domain: &str) -> Result<Certificate, String> {
+fn build_certificate(domain: &str) -> Result<Certificate, String> {
     let mut params = CertificateParams::new(vec![domain.into()]);
     let (start, end) = validity_period()?;
     params.distinguished_name.push(DnType::CommonName, domain);
@@ -75,8 +75,8 @@ fn new_end_entity(domain: &str) -> Result<Certificate, String> {
 
 fn validity_period() -> Result<(OffsetDateTime, OffsetDateTime), String> {
     let start = OffsetDateTime::now_utc().checked_sub(Duration::hours(1))
-        .expect("SHOULD NOT HAPPEN!");
+        .ok_or::<String>("Generate start datetime failed.".into())?;
     let end = OffsetDateTime::now_utc().checked_add(Duration::days(90))
-        .expect("SHOULD NOT HAPPEN!");
+        .ok_or::<String>("Generate start datetime failed.".into())?;
     Ok((start, end))
 }