Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload" Header always set X-Frame-Options DENY Header always set X-Content-Type-Options nosniff DocumentRoot /var/www/renewal ServerName www.hory.me SSLEngine on SSLProtocol All -SSLv2 -SSLv3 -TLSv1 SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA SSLHonorCipherOrder On SSLCompression off SSLCertificateFile /etc/letsencrypt/live/www.hory.me/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/www.hory.me/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/www.hory.me/chain.pem SSLCACertificateFile /etc/letsencrypt/live/www.hory.me/cert.pem