diff --git a/cert.renew b/cert.renew
new file mode 100755
index 0000000..e5907d4
--- /dev/null
+++ b/cert.renew
@@ -0,0 +1,3 @@
+#!/bin/bash
+# https://habr.com/ru/articles/735712/
+certbot certonly --manual --preferred-challenges http -d "kornerr.ru"
diff --git a/cert.setup b/cert.setup
new file mode 100755
index 0000000..a2323f6
--- /dev/null
+++ b/cert.setup
@@ -0,0 +1,3 @@
+#!/bin/bash
+# https://habr.com/ru/articles/735712/
+brew install certbot
diff --git a/nginx/cfg b/nginx/cfg
index 079181e..834b7c1 100644
--- a/nginx/cfg
+++ b/nginx/cfg
@@ -1,11 +1,17 @@
+# Redirect HTTP to HTTPS
 server {
-  listen 80 default_server;
-  listen [::]:80 default_server;
+  listen 80;
+  server_name kornerr.ru;
+  return 301 https://$server_name$request_uri;
+}
+
+server {
+  listen 443 ssl;
+  server_name kornerr.ru;
+
+  ssl_certificate /etc/encrypt/fullchain.pem;
+  ssl_certificate_key /etc/encrypt/privkey.pem;
 
-  # SSL configuration
-  #
-  # listen 443 ssl default_server;
-  # listen [::]:443 ssl default_server;
   #
   # Note: You should disable gzip for SSL traffic.
   # See: https://bugs.debian.org/773332
diff --git a/squid/cfg b/squid/cfg
index e2203c2..9f3c130 100644
--- a/squid/cfg
+++ b/squid/cfg
@@ -1,4 +1,4 @@
-acl tul src 83.221.16.86
+acl tul src 83.221.16.80
 http_access allow tul
 http_access deny all
 http_port 3128