domain_secure.https.conf

listen [::]:443 ssl http2 ipv6only=off; # managed by Certbot

server_name example.com;

ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot

ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot

include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot

ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

# Redirect non-https traffic to https

if ($scheme != "https")

{

return 301 https://$host$request_uri;

} # managed by Certbot

add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;