diff --git a/cockpit.conf b/cockpit.conf index e519591..1513e1f 100644 --- a/cockpit.conf +++ b/cockpit.conf @@ -3,11 +3,6 @@ server { listen [::]:443 ssl; server_name portal.exozy.me; - ssl_certificate /etc/letsencrypt/live/exozy.me/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/exozy.me/privkey.pem; - include /etc/letsencrypt/options-ssl-nginx.conf; - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; - location / { # Required to proxy the connection to Cockpit proxy_pass https://localhost:9090; diff --git a/exozyme.conf b/exozyme.conf index b350496..90e9ef0 100644 --- a/exozyme.conf +++ b/exozyme.conf @@ -12,11 +12,6 @@ server { listen [::]:443 ssl default_server; server_name exozy.me; - ssl_certificate /etc/letsencrypt/live/exozy.me/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/exozy.me/privkey.pem; - include /etc/letsencrypt/options-ssl-nginx.conf; - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; - root /srv/http/exozyme; index index.html; diff --git a/forgejo.conf b/forgejo.conf index b1d1dcb..e4c2542 100644 --- a/forgejo.conf +++ b/forgejo.conf @@ -3,11 +3,6 @@ server { listen [::]:443 ssl; server_name git.exozy.me; - ssl_certificate /etc/letsencrypt/live/exozy.me/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/exozy.me/privkey.pem; - include /etc/letsencrypt/options-ssl-nginx.conf; - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; - if ($http_user_agent = "Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; spider-feedback@bytedance.com)") { return 444; } diff --git a/guacamole.conf b/guacamole.conf index 6705466..7541bce 100644 --- a/guacamole.conf +++ b/guacamole.conf 
@@ -3,11 +3,6 @@ server { listen [::]:443 ssl; server_name desk.exozy.me; - ssl_certificate /etc/letsencrypt/live/exozy.me/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/exozy.me/privkey.pem; - include /etc/letsencrypt/options-ssl-nginx.conf; - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; - location / { proxy_pass http://localhost:4080/guacamole/; proxy_buffering off; diff --git a/iacore.conf b/iacore.conf index b42b20b..ebfd1ca 100644 --- a/iacore.conf +++ b/iacore.conf @@ -5,8 +5,6 @@ server { ssl_certificate /etc/letsencrypt/live/www2.1a-insec.net/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/www2.1a-insec.net/privkey.pem; - include /etc/letsencrypt/options-ssl-nginx.conf; - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; location / { proxy_pass http://unix:/srv/http/pages/xrablnhmov; diff --git a/jupyterhub.conf b/jupyterhub.conf index e1c5169..c5ecf7f 100644 --- a/jupyterhub.conf +++ b/jupyterhub.conf @@ -3,11 +3,6 @@ server { listen [::]:443 ssl; server_name hub.exozy.me; - ssl_certificate /etc/letsencrypt/live/exozy.me/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/exozy.me/privkey.pem; - include /etc/letsencrypt/options-ssl-nginx.conf; - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; - location ~ ^/user/(.*)/desk/(.*)$ { return 301 /hub/desk/$2; } diff --git a/mastodon.conf b/mastodon.conf index 89045e0..fbf0658 100644 --- a/mastodon.conf +++ b/mastodon.conf @@ -26,11 +26,6 @@ server { listen [::]:443 ssl; server_name social.exozy.me; - ssl_certificate /etc/letsencrypt/live/exozy.me/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/exozy.me/privkey.pem; - include /etc/letsencrypt/options-ssl-nginx.conf; - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; - keepalive_timeout 70; sendfile on; client_max_body_size 99m; diff --git a/mdwalters.conf b/mdwalters.conf index 0e1acbf..d0d1bd1 100644 --- a/mdwalters.conf +++ b/mdwalters.conf 
@@ -5,8 +5,6 @@ server { ssl_certificate /etc/letsencrypt/live/mdwalters.exozy.me/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/mdwalters.exozy.me/privkey.pem; - include /etc/letsencrypt/options-ssl-nginx.conf; - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; location / { proxy_pass http://localhost:5173; @@ -24,8 +22,6 @@ server { ssl_certificate /etc/letsencrypt/live/mdwalters.exozy.me/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/mdwalters.exozy.me/privkey.pem; - include /etc/letsencrypt/options-ssl-nginx.conf; - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; location / { proxy_pass http://localhost:1342; @@ -43,8 +39,6 @@ server { ssl_certificate /etc/letsencrypt/live/mdwalters.exozy.me/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/mdwalters.exozy.me/privkey.pem; - include /etc/letsencrypt/options-ssl-nginx.conf; - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; location / { proxy_pass http://localhost:1341; @@ -67,8 +61,6 @@ server { ssl_certificate /etc/letsencrypt/live/mdwalters.exozy.me/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/mdwalters.exozy.me/privkey.pem; - include /etc/letsencrypt/options-ssl-nginx.conf; - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; location / { proxy_pass http://localhost:1351; diff --git a/nextcloud.conf b/nextcloud.conf index 374fe28..f3a34f2 100644 --- a/nextcloud.conf +++ b/nextcloud.conf @@ -22,10 +22,6 @@ server { # Use Mozilla's guidelines for SSL/TLS settings # https://mozilla.github.io/server-side-tls/ssl-config-generator/ - ssl_certificate /etc/letsencrypt/live/exozy.me/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/exozy.me/privkey.pem; - include /etc/letsencrypt/options-ssl-nginx.conf; - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # HSTS settings # WARNING: Only add the preload option once you read about 
@@ -33,7 +29,7 @@ server { # will add the domain to a hardcoded list that is shipped # in all major browsers and getting removed from this list # could take several months. - add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always; + #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" always; # set max upload size and increase upload timeout: client_max_body_size 16G; diff --git a/nvpie.conf b/nvpie.conf index c67d4d4..a9b4005 100644 --- a/nvpie.conf +++ b/nvpie.conf @@ -5,8 +5,6 @@ server { ssl_certificate /etc/letsencrypt/live/neovoid.is-cool.dev/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/neovoid.is-cool.dev/privkey.pem; - include /etc/letsencrypt/options-ssl-nginx.conf; - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; location / { proxy_pass http://unix:/srv/http/pages/nvpie; diff --git a/pages.conf b/pages.conf index bec2640..98aea5d 100644 --- a/pages.conf +++ b/pages.conf @@ -3,11 +3,6 @@ server { listen [::]:443 ssl; server_name ~^(\d)\.exozy\.me; - ssl_certificate /etc/letsencrypt/live/exozy.me/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/exozy.me/privkey.pem; - include /etc/letsencrypt/options-ssl-nginx.conf; - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; - index index.html; location / { @@ -30,11 +25,6 @@ server { listen [::]:443 ssl; server_name ~^(?.+)\.exozy\.me; - ssl_certificate /etc/letsencrypt/live/exozy.me/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/exozy.me/privkey.pem; - include /etc/letsencrypt/options-ssl-nginx.conf; - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; - root /srv/http/pages/$page; index index.html; diff --git a/peertube.conf b/peertube.conf index c97be45..d2df1bc 100644 --- a/peertube.conf +++ b/peertube.conf 
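Review bot: The `+` line in the nextcloud.conf hunk is commented out, so this server block no longer sends an active Strict-Transport-Security header, and browsers that have not cached the policy lose downgrade protection. If the header is now meant to come from a shared http-level config (not visible in this diff), note that nginx inherits `add_header` from the outer level only when the current level defines none of its own, so any other `add_header` in this server block or its locations would silently drop it; checking the response headers of the deployed site would confirm. The commented line also gains `preload`, which the warning comment just above cautions against enabling casually. I would either keep the active line `add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always;` or add a comment such as `# HSTS is set in <shared config file>; do not re-enable here` to make the intent explicit. The server block starts and ends outside the hunk.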
@@ -11,14 +11,6 @@ server { listen 443 ssl; listen [::]:443 ssl; server_name tube.exozy.me; - ## - # Certificates - # you need a certificate to run in production. see https://letsencrypt.org/ - ## - ssl_certificate /etc/letsencrypt/live/exozy.me/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/exozy.me/privkey.pem; - include /etc/letsencrypt/options-ssl-nginx.conf; - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; ## # Application diff --git a/pranav.conf b/pranav.conf index 5ed44f9..3150f4d 100644 --- a/pranav.conf +++ b/pranav.conf @@ -5,8 +5,6 @@ server { ssl_certificate /home/pranav/.local/share/cert/karawale.in/fullchain.pem; ssl_certificate_key /home/pranav/.local/share/cert/karawale.in/key.pem; - include /etc/letsencrypt/options-ssl-nginx.conf; - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; location / { proxy_pass http://unix:/srv/http/pages/pranav; diff --git a/redirect.conf b/redirect.conf index 0dbe295..e838048 100644 --- a/redirect.conf +++ b/redirect.conf @@ -3,11 +3,6 @@ server { listen [::]:443 ssl; server_name ta180m.exozy.me; - ssl_certificate /etc/letsencrypt/live/exozy.me/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/exozy.me/privkey.pem; - include /etc/letsencrypt/options-ssl-nginx.conf; - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; - location / { return 301 https://a.exozy.me$request_uri; } diff --git a/safetwitch.conf b/safetwitch.conf index fb9da44..8366dc8 100644 --- a/safetwitch.conf +++ b/safetwitch.conf @@ -3,11 +3,6 @@ server { listen [::]:443 ssl; server_name safetwitch.exozy.me; - ssl_certificate /etc/letsencrypt/live/exozy.me/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/exozy.me/privkey.pem; - include /etc/letsencrypt/options-ssl-nginx.conf; - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; - root /srv/http/pages/safetwitch; index index.html; diff --git a/synapse.conf b/synapse.conf index 4a5e188..7522bae 100644 --- a/synapse.conf +++ b/synapse.conf 
@@ -3,11 +3,6 @@ server { listen [::]:443 ssl; server_name chat.exozy.me; - ssl_certificate /etc/letsencrypt/live/exozy.me/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/exozy.me/privkey.pem; - include /etc/letsencrypt/options-ssl-nginx.conf; - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; - location / { proxy_pass http://localhost:8008; proxy_set_header X-Forwarded-For $remote_addr; diff --git a/woodpecker.conf b/woodpecker.conf index d0eaafc..982160e 100644 --- a/woodpecker.conf +++ b/woodpecker.conf @@ -3,11 +3,6 @@ server { listen [::]:443 ssl; server_name ci.exozy.me; - ssl_certificate /etc/letsencrypt/live/exozy.me/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/exozy.me/privkey.pem; - include /etc/letsencrypt/options-ssl-nginx.conf; - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; - location / { proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; diff --git a/xtex.conf b/xtex.conf index 2b83434..163fe36 100644 --- a/xtex.conf +++ b/xtex.conf @@ -5,8 +5,6 @@ server { ssl_certificate /etc/letsencrypt/live/xtexx.eu.org/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/xtexx.eu.org/privkey.pem; - include /etc/letsencrypt/options-ssl-nginx.conf; - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; add_header Server exozyme; @@ -31,8 +29,6 @@ server { ssl_certificate /etc/letsencrypt/live/xtexx.eu.org/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/xtexx.eu.org/privkey.pem; - include /etc/letsencrypt/options-ssl-nginx.conf; - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; add_header Server exozyme;