diff --git a/AppendCMS.sh b/AppendCMS.sh
index b29f433..35a34ff 100644
--- a/AppendCMS.sh
+++ b/AppendCMS.sh
@@ -212,9 +212,9 @@ if [ $sslenable = 1 ]; then
 msg " Setting up SSL"
 site_ext=ssl
 if [ $domainwww = 1 ]; then
- certbot --"$webserv" -n -d "$domain" -d "www.$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
+ certbot --"$webserv" certonly -n -d "$domain" -d "www.$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
 elif [ $domainwww = 0 ]; then
- certbot --"$webserv" -n -d "$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
+ certbot --"$webserv" certonly -n -d "$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
 fi
 if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/branch/"$branch"/CoreModules/"$webserv"/ssl-handler.sh; then
 source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/branch/"$branch"/CoreModules/"$webserv"/ssl-handler.sh)
diff --git a/CoreModules/nginx/config/nginx/nginx-default.conf b/CoreModules/nginx/config/nginx/nginx-default.conf
index a74cb27..5904a85 100644
--- a/CoreModules/nginx/config/nginx/nginx-default.conf
+++ b/CoreModules/nginx/config/nginx/nginx-default.conf
@@ -39,6 +39,7 @@ http {
 gzip_disable "msie6";
 gzip_buffers 16 8k;
+ include /etc/nginx/snippets/ngx-ssl.conf;
 include /etc/nginx/conf.d/*.conf;
 include /etc/nginx/sites-enabled/*;
 }
\ No newline at end of file
diff --git a/CoreModules/nginx/config/nginx/site_ssl-unconfigured b/CoreModules/nginx/config/nginx/site_ssl-unconfigured
index 735d27c..5c1755f 100644
--- a/CoreModules/nginx/config/nginx/site_ssl-unconfigured
+++ b/CoreModules/nginx/config/nginx/site_ssl-unconfigured
@@ -10,8 +10,8 @@ server {
 }
 server {
- listen 443 ssl;
- listen [::]:443 ssl;
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
 server_name DOMAINname;
 ssl_certificate /etc/letsencrypt/live/DOMAINname/fullchain.pem;
 ssl_certificate_key /etc/letsencrypt/live/DOMAINname/privkey.pem;
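Review bot: In AppendCMS.sh both new `certonly` lines still pass `--hsts` and `--redirect`, but those are installer enhancements that certbot, as far as I know, does not apply when it only obtains a certificate, so after this change neither HSTS nor the HTTP-to-HTTPS redirect comes from certbot. Both now depend on the project's own site templates and the `ngx-ssl.conf` snippet, whose contents this diff does not show, so that should be confirmed before merging. I would drop the inert flags, e.g. `certbot --"$webserv" certonly -n -d "$domain" -m "$email" --no-eff-email --agree-tos`, and add a comment such as `# certonly: vhost, redirect and HSTS come from the site_ssl-* templates`; the same applies to the changed lines in Scripts/EnableSSL.sh and installer.sh. The unchanged `source <(curl ...)` at the end of the hunk runs whatever `"$repo"` serves for that branch with the installer's privileges, so pinning a commit or verifying a checksum before sourcing is a worthwhile follow-up. The enclosing `if [ $sslenable = 1 ]` block starts and ends outside the hunk.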
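Review bot: The new `include /etc/nginx/snippets/ngx-ssl.conf;` in nginx-default.conf names a single file rather than a glob, so nginx fails its configuration test and will not start or reload if the snippet is missing; nothing in this diff adds or copies that file, so it must be installed before this nginx.conf is deployed. The snippet's contents are not part of the diff either, so the TLS protocol, cipher and header settings it applies to every server cannot be reviewed here. If it sets `Strict-Transport-Security` with `add_header` at `http` level, any server or location block that has its own `add_header` stops inheriting it. A comment above the include, e.g. `# shared TLS settings for all vhosts; must exist before nginx is reloaded`, would make the dependency explicit.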
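Review bot: In site_ssl-unconfigured (and the same two lines in site_ssl-wwwredir) `http2` is added as a `listen` parameter, which nginx 1.25.1 and later report as deprecated in favour of a separate `http2 on;` directive, while a build without the HTTP/2 module rejects the parameter and fails the config test. The installer should state which nginx versions it supports or choose the form at install time; at minimum add a comment such as `# http2 as a listen parameter: deprecated from nginx 1.25.1, use "http2 on;" there`. Enabling HTTP/2 also makes the stream and request limits part of the exposed surface, so leave `http2_max_concurrent_streams` and `keepalive_requests` at or below their defaults unless there is a measured reason to raise them. Both server blocks continue outside the hunks.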
diff --git a/CoreModules/nginx/config/nginx/site_ssl-wwwredir b/CoreModules/nginx/config/nginx/site_ssl-wwwredir
index eb2373b..b85ae4d 100644
--- a/CoreModules/nginx/config/nginx/site_ssl-wwwredir
+++ b/CoreModules/nginx/config/nginx/site_ssl-wwwredir
@@ -8,8 +8,8 @@ server {
 server {
 #SSL www.domain > domain redirect
- listen 443 ssl;
- listen [::]:443 ssl;
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
 server_name www.DOMAINname;
 ssl_certificate /etc/letsencrypt/live/DOMAINname/fullchain.pem;
 ssl_certificate_key /etc/letsencrypt/live/DOMAINname/privkey.pem;
diff --git a/Scripts/EnableSSL.sh b/Scripts/EnableSSL.sh
index 75ec5fa..b2f611b 100644
--- a/Scripts/EnableSSL.sh
+++ b/Scripts/EnableSSL.sh
@@ -18,9 +18,9 @@ systemctl reload $webservice
 #Enabling SSL
 if [ $domainwww = 1 ]; then
- certbot --"$webserv" -n -d "$domain" -d "www.$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
+ certbot --"$webserv" certonly -n -d "$domain" -d "www.$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
 elif [ $domainwww = 0 ]; then
- certbot --"$webserv" -n -d "$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
+ certbot --"$webserv" certonly -n -d "$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
 fi
 #Restoring config
diff --git a/installer.sh b/installer.sh
index b6c52ed..59081bb 100644
--- a/installer.sh
+++ b/installer.sh
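Review bot: In Scripts/EnableSSL.sh the exit status of the `certonly` call is not checked before the script moves on to `#Restoring config`. With `-n` certbot exits non-zero instead of prompting when validation fails or a rate limit is hit, and because certbot no longer installs anything itself, the SSL site templates would then reference `/etc/letsencrypt/live/DOMAINname/fullchain.pem` files that do not exist and the next web-server reload would fail. I would guard both branches, e.g. `if ! certbot --"$webserv" certonly ...; then echo "certbot failed for $domain" >&2; ssl_failed=1; fi`, and only enable the SSL site when the certificate is present. The same unchecked calls are in AppendCMS.sh and installer.sh. What follows `#Restoring config` is outside the hunk, so the effect on the restored config is inferred.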
@@ -538,9 +538,9 @@ if [ $sslenable = 1 ]; then
 msg " Setting up SSL" 8 78
 site_ext=ssl
 if [ $domainwww = 1 ]; then
- certbot --"$webserv" -n -d "$domain" -d "www.$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
+ certbot --"$webserv" certonly -n -d "$domain" -d "www.$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
 elif [ $domainwww = 0 ]; then
- certbot --"$webserv" -n -d "$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
+ certbot --"$webserv" certonly -n -d "$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
 fi
 certbot --"$webserv" -n -d "$hostname" -m "$email" --hsts --redirect --no-eff-email --agree-tos
 if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/branch/"$branch"/CoreModules/"$webserv"/ssl-handler.sh; then
@@ -577,7 +577,7 @@ fi
 # Services #
 ##------------##
-systemctl reload sshd fail2ban postfix postfix@-
+systemctl reload sshd fail2ban postfix postfix@-
 ##-------##
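Review bot: In the first installer.sh hunk the `$hostname` request right after `fi` was left without `certonly`, so certbot's installer still edits the web-server configuration for the hostname and applies `--hsts --redirect` there, while the domain certificates are now only fetched. If the hostname vhost is meant to be managed by the templates like the domain ones, make it `certbot --"$webserv" certonly -n -d "$hostname" -m "$email" --no-eff-email --agree-tos`. If the difference is deliberate, a comment such as `# hostname vhost is still configured by certbot's installer` would keep it from being changed by mistake later. The `if [ $sslenable = 1 ]` block begins and ends outside the hunk.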