diff --git a/nginx.conf b/nginx.conf
index 41f0e1d..4d64307 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -1,9 +1,24 @@
 events {}
 http {
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_prefer_server_ciphers on;
+ ssl_ciphers HIGH:!aNULL:!MD5;
+
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+
 server {
 listen 80;
- server_name vps.gerardgascon.com;
+ server_name vps.gerardgascon.com git.gerardgascon.com media.gerardgascon.com;
+
+ location ^~ /.well-known/acme-challenge/ {
+ root /var/www/certbot;
+ default_type "text/plain";
+ try_files $uri =404;
+ }
 return 301 https://$host$request_uri;
 }
@@ -19,13 +34,6 @@ http {
 index index.html;
 }
- server {
- listen 80;
- server_name git.gerardgascon.com;
-
- return 301 https://$host$request_uri;
- }
-
 server {
 listen 443 ssl;
 server_name git.gerardgascon.com;
@@ -35,10 +43,18 @@ http {
 location / {
 proxy_pass http://100.86.144.2:3002/;
- proxy_set_header X-Forwarded-Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
+ }
+ }
+
+ server {
+ listen 443 ssl;
+ server_name media.gerardgascon.com;
+
+ ssl_certificate /etc/letsencrypt/live/media.gerardgascon.com/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/media.gerardgascon.com/privkey.pem;
+
+ location / {
+ proxy_pass http://100.86.144.2:8097/;
 }
 }
 }
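Review bot: The new `/.well-known/acme-challenge/` location in the port-80 server looks unreachable, because `return 301 https://$host$request_uri;` stays at server level and nginx evaluates server-level rewrite-module directives before it selects a location. Every request, including the ACME HTTP-01 challenge, would therefore be redirected to HTTPS, where, as far as these hunks show, no 443 server serves `/var/www/certbot`. Moving the redirect into a catch-all, `location / { return 301 https://$host$request_uri; }`, lets the `^~` challenge prefix match first. Separately, `ssl_ciphers HIGH:!aNULL:!MD5;` still admits TLS 1.2 suites without forward secrecy (static-RSA key exchange) and CBC modes, so an explicit ECDHE/AEAD list would be tighter. The `http` block continues past this hunk.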
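Review bot: Both proxied locations (`:3002` and the new `:8097`) now rely on inheriting the four `proxy_set_header` lines from `http {}`, and nginx applies that inheritance only while a location defines no `proxy_set_header` of its own. Adding a single header later, for example for WebSocket upgrades, would silently drop `X-Real-IP` and the `X-Forwarded-*` set for that location, so the backend would attribute every request to the proxy. A comment in each location such as `# proxy_set_header is inherited from http{}; adding one here replaces the whole inherited set` would make this visible. Also note that `$proxy_add_x_forwarded_for` appends to whatever `X-Forwarded-For` the client sent, so the backends should trust only the last entry or `X-Real-IP` for logging and rate limiting. The git server block opens above this hunk.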