diff --git a/README.md b/README.md
index e8d0925..1418562 100644
--- a/README.md
+++ b/README.md
@@ -136,13 +136,14 @@ cp /home/zooid/zooid/zooid.service /etc/systemd/system/zooid.service
 systemctl enable zooid
 service zooid start
 
+# Set up a SSL certificate
+# Use another method or --manual-auth-hook and --manual-cleanup-hook to automate renewal
+certbot certonly --manual -d '*.yourdomain.com' --preferred-challenges=dns
+
 # Set up nginx - be sure to edit the server_name to your domain
 cp /home/zooid/zooid/nginx.conf /etc/nginx/sites-available/zooid.conf
 ln -s /etc/nginx/sites-{available,enabled}/zooid.conf
 
-# Set up a SSL certificate - you'll need to verify and renew this manually
-certbot --nginx -d '*.yourdomain.com'
-
 # Enable the site and restart nginx
 service nginx restart
 ```
diff --git a/nginx.conf b/nginx.conf
index 1c5332b..88df073 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -1,6 +1,12 @@
 server {
- listen 80;
- server_name *.yourdomain.com;
+ listen 443 ssl;
+ server_name *.yourdomain.com;
+
+ ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;
+
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_prefer_server_ciphers on;
 
 location / {
 proxy_pass http://127.0.0.1:3334;
@@ -9,5 +15,11 @@ server {
 proxy_set_header Connection "Upgrade";
 proxy_set_header Host $host;
 }
-
+}
+
+server {
+ listen 80;
+ server_name *.yourdomain.com;
+
+ return 301 https://$host$request_uri;
 }
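Review bot: `ssl_prefer_server_ciphers on;` in the first nginx.conf hunk is added without an `ssl_ciphers` directive, so the server-side preference is applied to nginx's built-in default list (`HIGH:!aNULL:!MD5`), which for TLS 1.2 can still admit CBC-mode and non-forward-secret suites depending on the OpenSSL build. Either pin an ECDHE/AEAD-only list next to it, e.g. `ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;`, or drop the preference line and leave the choice to clients. Because the later hunk redirects all plain-HTTP traffic to this block, adding `add_header Strict-Transport-Security "max-age=31536000" always;` here would also stop returning browsers from making their first request in clear text. The server block opened in this hunk closes outside it.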
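Review bot: The redirect target in the new port-80 block is built from `$host`, which nginx takes from the client's Host header. If this block is the first or only one listening on port 80 (no `default_server` is visible in this file), nginx also uses it for names that do not match `*.yourdomain.com`, and the 301 then points at whatever name the client sent. A catch-all ahead of it, such as `server { listen 80 default_server; server_name _; return 444; }`, keeps unmatched hosts from being redirected. The same reasoning applies to the 443 block, where the context line `proxy_set_header Host $host;` forwards that value to the backend on 127.0.0.1:3334. The first closing braces in this hunk end a location and server block that begin outside it.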