diff --git a/pastebook.conf b/pastebook.conf
index 2ef1a46..272c29f 100644
--- a/pastebook.conf
+++ b/pastebook.conf
@@ -8,9 +8,16 @@ server {
 }
 
 server {
-    listen 443;
+    listen 443 ssl;
     server_name <DOMAIN>;
 
+    ssl_certificate /etc/letsencrypt/live/<DOMAIN>/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/<DOMAIN>/privkey.pem;
+
+    ssl_protocols TLSv1.2 TLSv1.3;
+   	ssl_ciphers HIGH:!aNULL:!MD5;
+    ssl_prefer_server_ciphers on;
+    
     location / {
         proxy_buffering off;  
         proxy_set_header X-Real-IP $remote_addr;                                                                                                
@@ -18,9 +25,6 @@ server {
         proxy_set_header X-Forwarded-Port $server_port;                                                                                         
         proxy_pass http://localhost:3000/;   
     }
-
-    ssl_certificate /etc/letsencrypt/live/<DOMAIN>/fullchain.pem;
-    ssl_certificate_key /etc/letsencrypt/live/<DOMAIN>/privkey.pem;
 }
 
 server {
@@ -33,9 +37,16 @@ server {
 }
 
 server {
-    listen 443;
+    listen 443 ssl;
     server_name api.<DOMAIN>;
 
+    ssl_certificate /etc/letsencrypt/live/<DOMAIN>/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/<DOMAIN>/privkey.pem;
+
+    ssl_protocols TLSv1.2 TLSv1.3;
+   	ssl_ciphers HIGH:!aNULL:!MD5;
+    ssl_prefer_server_ciphers on;
+
     client_max_body_size 6M;
 
     location / {
@@ -45,7 +56,4 @@ server {
         proxy_set_header X-Forwarded-Port $server_port;                                                                                         
         proxy_pass http://localhost:8080/;   
     }
-
-    ssl_certificate /etc/letsencrypt/live/<DOMAIN>/fullchain.pem;
-    ssl_certificate_key /etc/letsencrypt/live/<DOMAIN>/privkey.pem;
 }