diff --git a/roles/libravatar/templates/httpd/libravatar.conf b/roles/libravatar/templates/httpd/libravatar.conf index f34e3bdf31..9b1b38acea 100644 --- a/roles/libravatar/templates/httpd/libravatar.conf +++ b/roles/libravatar/templates/httpd/libravatar.conf @@ -1,16 +1,28 @@ WSGISocketPrefix /var/run/wsgi RewriteEngine on + + Require all granted + + ServerName {{ inventory_hostname }} + RewriteRule ^/\.well-known/(.*) /var/www/html/.well-known/$1 [L] + RewriteRule "^/?(.*)" "https://%{HTTP_HOST}/$1" [L,R=301,NE] + + + + ServerName {{ inventory_hostname }} + + SSLCertificateFile /etc/letsencrypt/live/{{ inventory_hostname }}/cert.pem + SSLCertificateKeyFile /etc/letsencrypt/live/{{ inventory_hostname }}/privkey.pem + SSLCertificateChainFile /etc/letsencrypt/live/{{ inventory_hostname }}/fullchain.pem + Header always add Strict-Transport-Security "max-age=31536000; preload" RewriteRule ^/\.well-known/(.*) /var/www/html/.well-known/$1 [L] - - Require all granted - WSGIPassAuthorization On - WSGIDaemonProcess libravatar user=apache group=apache threads=25 display-name=libravatar maximum-requests=8000 graceful-timeout=20 python-home=/mnt/data/.virtualenv python-path=/srv/libravatar + WSGIDaemonProcess libravatar user=apache group=apache threads=25 display-name=libravatar maximum-requests=10000 graceful-timeout=20 python-home=/mnt/data/.virtualenv python-path=/srv/libravatar WSGIScriptAlias / /mnt/data/wsgi.py ScriptAlias "/cgi-bin/" "/mnt/data/cgi-bin/" 
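Review bot: The port-80 redirect `RewriteRule "^/?(.*)" "https://%{HTTP_HOST}/$1" [L,R=301,NE]` builds the Location header from the client-supplied Host header, so a request carrying an arbitrary Host gets a 301 pointing at that name. Since the block already sets `ServerName {{ inventory_hostname }}`, the target can be pinned with `RewriteRule "^/?(.*)" "https://{{ inventory_hostname }}/$1" [L,R=301,NE]`, assuming the site answers on that single name. Separately, the HSTS line uses `preload` without `includeSubDomains`, which the browser preload list does not accept, and `Header always add` can emit a duplicate header if the application also sets one; `Header always set Strict-Transport-Security "max-age=31536000"` is the safer form unless preloading is actually intended. The same HSTS line is repeated in the second hunk. The container tags are not visible in this extract, so the vhost boundaries here are inferred from the directives.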
@@ -38,16 +50,24 @@ RewriteEngine on WSGIApplicationGroup %{GLOBAL} Require all granted + + + SSLCertificateFile /etc/letsencrypt/live/{{ inventory_hostname }}/cert.pem + SSLCertificateKeyFile /etc/letsencrypt/live/{{ inventory_hostname }}/privkey.pem + SSLCertificateChainFile /etc/letsencrypt/live/{{ inventory_hostname }}/fullchain.pem + Header always add Strict-Transport-Security "max-age=31536000; preload" + + #ServerName {{ inventory_hostname }} + #RewriteRule "^/?(.*)" "https://%{HTTP_HOST}/$1" [L,R=301,NE] ExtendedStatus On - SetHandler server-status Require all denied - Require host localhost .redhat.com + Require host localhost
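Review bot: `SSLCertificateChainFile` points at `fullchain.pem` while `SSLCertificateFile` is `cert.pem`, but fullchain.pem already contains the leaf certificate and SSLCertificateChainFile has been obsolete since httpd 2.4.8. Either use `SSLCertificateFile /etc/letsencrypt/live/{{ inventory_hostname }}/fullchain.pem` on its own, or keep cert.pem and point the chain at `chain.pem`; the same three lines appear in the first hunk. No `SSLEngine on` is visible among the added lines of either hunk, so confirm it is set wherever these certificate directives take effect. For the status handler, `Require host localhost` depends on a reverse DNS lookup, whereas `Require local` restricts by connection address. The commented-out `#ServerName` and `#RewriteRule` lines look like leftovers and could be dropped.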