diff --git a/playbooks/include/proxies-websites.yml b/playbooks/include/proxies-websites.yml
index 5449a7b116..1c99a9de7a 100644
--- a/playbooks/include/proxies-websites.yml
+++ b/playbooks/include/proxies-websites.yml
@@ -48,6 +48,7 @@
 
   - role: httpd/website
     site_name: fedoraproject.org
+    sslonly: true
     cert_name: "{{wildcard_cert_name}}"
     server_aliases:
     - stg.fedoraproject.org
diff --git a/roles/httpd/website/templates/website.conf b/roles/httpd/website/templates/website.conf
index 5a4c55933e..e4cd6834cf 100644
--- a/roles/httpd/website/templates/website.conf
+++ b/roles/httpd/website/templates/website.conf
@@ -14,10 +14,14 @@
   ProxyPass "/.well-known/acme-challenge" "http://certgetter01/.well-known/acme-challenge"
 {% endif %}
 
+{% if site_name == "fedoraproject.org" %}
+  Alias /static/hotspot.txt /srv/web/fedoraproject.org/static/hotspot.txt
+{% endif %}
+
 {% if sslonly %}
   RewriteEngine On
-  RewriteCond %{HTTPS} off
   RewriteCond %{REQUEST_URI} !/.well-known/acme-challenge/.*
+  RewriteCond %{REQUEST_URI} !/static/hotspot.txt
   RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [NE]
 {% else %}
   Include "conf.d/{{ site_name }}/*.conf"