diff --git a/internal/controller/sync.go b/internal/controller/sync.go
index 7bcbe00..11dc722 100644
--- a/internal/controller/sync.go
+++ b/internal/controller/sync.go
@@ -260,15 +260,16 @@ func (r *RouteController) buildNextCert(ctx context.Context, route *routev1.Rout
 		return nil, fmt.Errorf("invalid duration annotation on Route %s/%s", route.Namespace, route.Name)
 	}
 
-	var renewBefore time.Duration
+	var renewBefore *metav1.Duration
 	if metav1.HasAnnotation(route.ObjectMeta, cmapi.RenewBeforeAnnotationKey) {
 		renewBeforeAnnotation := route.Annotations[cmapi.RenewBeforeAnnotationKey]
 
-		var err error
-		renewBefore, err = time.ParseDuration(renewBeforeAnnotation)
+		parsedRenewBefore, err := time.ParseDuration(renewBeforeAnnotation)
 		if err != nil {
 			return nil, fmt.Errorf("invalid renew-before annotation %q on Route %s/%s", renewBeforeAnnotation, route.Namespace, route.Name)
 		}
+
+		renewBefore = &metav1.Duration{Duration: parsedRenewBefore}
 	}
 
 	var privateKeyAlgorithm cmapi.PrivateKeyAlgorithm
@@ -494,7 +495,7 @@ func (r *RouteController) buildNextCert(ctx context.Context, route *routev1.Rout
 		Spec: cmapi.CertificateSpec{
 			SecretName:           secretName,
 			Duration:             &metav1.Duration{Duration: duration},
-			RenewBefore:          &metav1.Duration{Duration: renewBefore},
+			RenewBefore:          renewBefore,
 			RevisionHistoryLimit: revisionHistoryLimit,
 			CommonName:           route.Annotations[cmapi.CommonNameAnnotationKey],
 			Subject: &cmapi.X509Subject{