diff --git a/roles/shellserver/web-hosting/files/eglide/nginx/ssl_params b/roles/shellserver/web-hosting/files/eglide/nginx/ssl_params
new file mode 100644
--- /dev/null
+++ b/roles/shellserver/web-hosting/files/eglide/nginx/ssl_params
@@ -0,0 +1,15 @@
+        #Enable https
+        listen 443 ssl http2;
+        listen [2001:470:1f13:896:0:c0de:15:11fe]:443 ssl http2;
+
+        ssl_session_timeout 1d;
+        ssl_session_cache shared:SSL:50m;
+        ssl_session_tickets off;
+
+        ssl_protocols TLSv1.2;
+        ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
+        ssl_prefer_server_ciphers on;
+
+        add_header Strict-Transport-Security max-age=15768000;
+        ssl_stapling on;
+        ssl_stapling_verify on;
diff --git a/roles/shellserver/web-hosting/files/eglide/nginx/vhosts/001-eglide.org.conf b/roles/shellserver/web-hosting/files/eglide/nginx/vhosts/001-eglide.org.conf
--- a/roles/shellserver/web-hosting/files/eglide/nginx/vhosts/001-eglide.org.conf
+++ b/roles/shellserver/web-hosting/files/eglide/nginx/vhosts/001-eglide.org.conf
@@ -35,11 +35,10 @@
 
         include includes/letsencrypt.conf;
 
-        # Once the first certificate has been generated, we'll enabl this snippet:
-        #
-        # SSL - include ssl_params;
-        # SSL - ssl_certificate     /usr/local/etc/letsencrypt/live/eglide.org/fullchain.pem;
-        # SSL - ssl_certificate_key /usr/local/etc/letsencrypt/live/eglide.org/privkey.pem;
+        include ssl_params;
+        ssl_certificate          /etc/letsencrypt/live/www.eglide.org/fullchain.pem;
+        ssl_certificate_key      /etc/letsencrypt/live/www.eglide.org/privkey.pem;
+        ssl_trusted_certificate  /etc/letsencrypt/live/www.eglide.org/chain.pem;
 
         ###
         ### Main site
diff --git a/roles/shellserver/web-hosting/files/eglide/nginx/vhosts/robot.paysannerebelle.com.conf b/roles/shellserver/web-hosting/files/eglide/nginx/vhosts/robot.paysannerebelle.com.conf
--- a/roles/shellserver/web-hosting/files/eglide/nginx/vhosts/robot.paysannerebelle.com.conf
+++ b/roles/shellserver/web-hosting/files/eglide/nginx/vhosts/robot.paysannerebelle.com.conf
@@ -35,10 +35,8 @@
 
         include includes/letsencrypt.conf;
 
-        # Once the first certificate has been generated, we'll enabl this snippet:
-        #
-        # SSL - include ssl_params;
-        # SSL - ssl_certificate     /usr/local/etc/letsencrypt/live/robot.paysannerebelle.com/fullchain.pem;
-        # SSL - ssl_certificate_key /usr/local/etc/letsencrypt/live/robot.paysannerebelle.com/privkey.pem;
-
+        include ssl_params;
+        ssl_certificate         /etc/letsencrypt/live/robot.paysannerebelle.com/fullchain.pem;
+        ssl_certificate_key     /etc/letsencrypt/live/robot.paysannerebelle.com/privkey.pem;
+        ssl_trusted_certificate /etc/letsencrypt/live/robot.paysannerebelle.com/chain.pem;
     }