It sounds like the feature you want (auto-refresh an expired cert) should be implemented in the TLS library itself.