server { listen 80 default_server; listen [::]:80 default_sever; server_name _; root /var/www/html/public; include /etc/nginx/snippets/letsencrpt.conf; if ($host = autoconfig.example.com) { return 301 https://$host$request_uri; } if ($host = autodiscover.example.com) { return 301 https://$host$request_uri; } if ($host = mail.example.com) { return 301 https://$host$request_uri; } if ($host = www.example.com) { return 301 https://$host$request_uri; } if ($host = example.com) { return 301 https://$host$request_uri; } # Edit the cli.ini in /etc/letsencrypt/ directory to add security enchancements return 404; } server { listen 443 ssl; listen [::]:443 ssl ipv6only=on; server_name www.example.com; ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; include /etc/nginx/snippets/ssl.conf; ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem; include /etc/nginx/snippets/stapling.conf; return 301 https://example.com$request_uri; } server { listen 443 ssl; listen [::]:443 ssl ipv6only=on; server_name example.com; ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; include /etc/nginx/snippets/ssl.conf; ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem; include /etc/nginx/snippets/stapling.conf; include /etc/nginx/snippets/security.conf; root /var/www/html/public; index index.html index.htm; }