diff --git a/nginx/sites-enabled/opensnp.org.conf b/nginx/sites-enabled/opensnp.org.conf
index 8513ef2..4feaf3f 100644
--- a/nginx/sites-enabled/opensnp.org.conf
+++ b/nginx/sites-enabled/opensnp.org.conf
@@ -1,12 +1,27 @@
 server {
+    if ($host = opensnp.org) {
+        return 301 https://$host$request_uri;
+    } # managed by Certbot
+
+
     listen 80;
     server_name opensnp.org;
     return 301 https://opensnp.org$request_uri;
+
+
 }
 
 server {
     server_name www.opensnp.org www.opensnp.net opensnp.net;
     return 301 https://opensnp.org$request_uri;
+
+
+    listen 443 ssl; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/opensnp.org/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/opensnp.org/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
 }
 
 server {
@@ -14,6 +29,9 @@ server {
     server_name opensnp.org;
     include /etc/nginx/snippets/opensnp.org-common.conf;
     passenger_max_request_queue_size 200;
+
+    ssl_certificate /etc/letsencrypt/live/opensnp.org/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/opensnp.org/privkey.pem; # managed by Certbot
 }
 
 server {
@@ -21,3 +39,17 @@ server {
     server_name ~^localhost(:\d+)?$;
     include /etc/nginx/snippets/opensnp.org-common.conf;
 }
+
+
+server {
+    if ($host = www.opensnp.org) {
+        return 301 https://$host$request_uri;
+    } # managed by Certbot
+
+
+    server_name www.opensnp.org www.opensnp.net opensnp.net;
+    listen 80;
+    return 404; # managed by Certbot
+
+
+}
\ No newline at end of file
diff --git a/renew_ssl_cert.cron b/renew_ssl_cert.cron
new file mode 100644
index 0000000..9861852
--- /dev/null
+++ b/renew_ssl_cert.cron
@@ -0,0 +1,3 @@
+MAILTO=''
+
+0 0 * * *  root  /usr/bin/certbot renew --nginx 2>&1 | xargs echo "$(date):" >> /var/log/renew_ssl_cert.log