server { server_name web.dym.sh; listen 80; listen [::]:80; location ~ /\.well-known/acme-challenge { root /var/lib/letsencrypt/; } location / { add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always; return 301 https://$server_name$request_uri; } } server { server_name web.dym.sh; listen 443 ssl http2; listen [::]:443 ssl http2; ssl_trusted_certificate /etc/letsencrypt/live/dym.sh/chain.pem; ssl_certificate /etc/letsencrypt/live/dym.sh/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/dym.sh/privkey.pem; location / { root /var/www/web.dym.sh/; } }