Ensuring Nginx site conf has only port 443 and http2?

How to ensure that my Nginx site-conf file will have only

listen 443 ssl http2; # managed by Certbot


listen 80; # managed by Certbot


I can use a sed operation to delete the row with listen 80 and another sed to add http2 after 443 ssl but I wonder if it can be done directly when executing:

certbot --nginx

Hi @benqzq,

There is no Certbot feature to remove the port 80 listener; the only available feature is to make port 80 serve an HTTP 301 redirect to port 443.

The reason for this is that security experts don’t recommend closing port 80.

Instead, they recommend Certbot’s existing behavior.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.