We use LetsEncrypt certs that need renewing every 90 days. I guess the process for StrongSwan is to just replace the current certificate and reload. But doesnt this keep the old certificate in cache? What if we renew early and then there are two valid certificates in cache?