diff --git a/modules/http_proxy/http_proxy_base.go b/modules/http_proxy/http_proxy_base.go
index 49eccfe1..8acaf564 100644
--- a/modules/http_proxy/http_proxy_base.go
+++ b/modules/http_proxy/http_proxy_base.go
@@ -211,7 +211,7 @@ func (p *HTTPProxy) TLSConfigFromCA(ca *tls.Certificate) func(host string, ctx *
 
 cert := getCachedCert(hostname, port)
 if cert == nil {
- p.Debug("creating spoofed certificate for %s:%d", tui.Yellow(hostname), port)
+ p.Info("creating spoofed certificate for %s:%d", tui.Yellow(hostname), port)
 cert, err = btls.SignCertificateForHost(ca, hostname, port)
 if err != nil {
 p.Warning("cannot sign host certificate with provided CA: %s", err)
@@ -219,6 +219,8 @@ func (p *HTTPProxy) TLSConfigFromCA(ca *tls.Certificate) func(host string, ctx *
 }
 
 setCachedCert(hostname, port, cert)
+ } else {
+ p.Debug("serving spoofed certificate for %s:%d", tui.Yellow(hostname), port)
 }
 
 config := tls.Config{
diff --git a/modules/http_proxy/http_proxy_cert_cache.go b/modules/http_proxy/http_proxy_cert_cache.go
index 8bff6005..3aa2c7bd 100644
--- a/modules/http_proxy/http_proxy_cert_cache.go
+++ b/modules/http_proxy/http_proxy_cert_cache.go
@@ -11,23 +11,21 @@ var (
 certLock = &sync.Mutex{}
 )
 
-func getCachedCert(domain string, port int) *tls.Certificate {
- key := fmt.Sprintf("%s:%d", domain, port)
+func keyFor(domain string, port int) string {
+ return fmt.Sprintf("%s:%d", domain, port)
+}
 
+func getCachedCert(domain string, port int) *tls.Certificate {
 certLock.Lock()
 defer certLock.Unlock()
-
- if cert, found := certCache[key]; found {
+ if cert, found := certCache[keyFor(domain, port)]; found {
 return cert
 }
 return nil
 }
 
 func setCachedCert(domain string, port int, cert *tls.Certificate) {
- key := fmt.Sprintf("%s:%d", domain, port)
-
 certLock.Lock()
 defer certLock.Unlock()
-
- certCache[key] = cert
+ certCache[keyFor(domain, port)] = cert
 }
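Review bot: The cache lookup and the later store are two separate critical sections (`getCachedCert` in this hunk, `setCachedCert` in the next hunk of this file), so two handshakes for the same uncached host can both see `cert == nil` and both call `btls.SignCertificateForHost`. Each connection then gets a different leaf certificate for the same host, and the message this hunk raises to `Info` is printed once per racing connection rather than once per host. A get-or-create helper in http_proxy_cert_cache.go that holds `certLock` across lookup, signing and store would close that window, at the cost of serialising signing for uncached hosts; the call site would pass the signing call as the `create` callback and log `Info` or `Debug` from the returned flag. The enclosing closure starts and ends outside the hunk, so concurrent callers are inferred from this being a per-connection TLS callback.

```go
// getOrCreateCert returns the cached certificate for domain:port. On a miss
// it calls create and stores the result before releasing certLock, so only
// one certificate is ever signed per key. cached reports a cache hit.
func getOrCreateCert(domain string, port int, create func() (*tls.Certificate, error)) (*tls.Certificate, bool, error) {
	certLock.Lock()
	defer certLock.Unlock()

	key := keyFor(domain, port)
	if cert, found := certCache[key]; found {
		return cert, true, nil
	}

	cert, err := create()
	if err != nil {
		return nil, false, err
	}
	certCache[key] = cert
	return cert, false, nil
}
```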
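Review bot: `setCachedCert` stores an entry for every distinct `domain:port` and nothing in this hunk ever removes one, so the map grows with each new host requested through the proxy; those names are presumably chosen by the intercepted clients, so a long-running session or a client cycling through hostnames can make memory use grow without limit. A cap inside the locked section would bound it, for example `if len(certCache) >= maxCachedCerts { certCache = make(map[string]*tls.Certificate) }` before the store, where `maxCachedCerts` is a new constant to be chosen and the map type is inferred from how `certCache` is used here. `keyFor` also builds the key from `domain` exactly as given, so case variants of one host get separate entries and separate certificates unless the caller already lowercases the name. The `certCache` declaration sits above the hunk, so any limit applied there is not visible.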