diff --git a/roles/nginx/templates/nginx.conf.j2 b/roles/nginx/templates/nginx.conf.j2
index 85c6ecc..80f7786 100644
--- a/roles/nginx/templates/nginx.conf.j2
+++ b/roles/nginx/templates/nginx.conf.j2
@@ -10,13 +10,6 @@ events {
 http {
 access_log {{ nginx_logdir }}/access.log combined;
- proxy_ssl_certificate {{ tls_certs }}/{{ inventory_hostname }}.crt;
- proxy_ssl_certificate_key {{ tls_private }}/{{ inventory_hostname }}.key;
- proxy_ssl_trusted_certificate {{ tls_certs }}/ca.crt;
- proxy_ssl_protocols TLSv1.2 TLSv1.3;
- proxy_ssl_server_name on;
- proxy_ssl_verify on;
-
 map $http_upgrade $connection_upgrade {
 default upgrade;
 '' close;
@@ -42,6 +35,13 @@ http {
 }
 }
 {% else %}
+ proxy_ssl_certificate {{ tls_certs }}/{{ inventory_hostname }}.crt;
+ proxy_ssl_certificate_key {{ tls_private }}/{{ inventory_hostname }}.key;
+ proxy_ssl_trusted_certificate {{ tls_certs }}/ca.crt;
+ proxy_ssl_protocols TLSv1.2 TLSv1.3;
+ proxy_ssl_server_name on;
+ proxy_ssl_verify on;
+
 ssl_session_timeout 1d;
 ssl_session_cache shared:MozSSL:10m;
 ssl_session_tickets off;
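Review bot: With the `proxy_ssl_*` block now emitted only after `{% else %}` in the second hunk, whatever the preceding `{% if %}` branch renders no longer inherits `proxy_ssl_verify on`, the `ca.crt` trust anchor or the client certificate that the `http` level used to supply. nginx defaults `proxy_ssl_verify` to `off`, so any `proxy_pass` to an `https://` upstream in that branch would connect without validating the upstream certificate. The condition and the body of that branch start outside the hunk, and the `{% else %}` block continues past it, so this needs checking against the full template. If the narrowing is intentional, I would record it with a template comment above the added block, for example `{# upstream TLS verification is configured in this branch only; the branch above must not proxy to https:// upstreams (proxy_ssl_verify defaults to off) #}`.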