diff --git a/files/config/conf.d/ssl.conf b/files/config/conf.d/ssl.conf
index 4c4088a..59e4749 100644
--- a/files/config/conf.d/ssl.conf
+++ b/files/config/conf.d/ssl.conf
@@ -9,7 +9,6 @@ ssl_prefer_server_ciphers on;
 # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
 add_header Strict-Transport-Security "max-age=15768000";
-proxy_hide_header Strict-Transport-Security;
 # OCSP Stapling ---
 # fetch OCSP records from URL in ssl_certificate and cache them
diff --git a/templates/vhost.j2 b/templates/vhost.j2
index 81ec667..617b8ac 100644
--- a/templates/vhost.j2
+++ b/templates/vhost.j2
@@ -38,6 +38,9 @@ server {
 proxy_hide_header Server;
 proxy_hide_header X-AspNetMvc-Version;
 proxy_hide_header X-AspNet-Version;
+
+ # no double headers
+ proxy_hide_header Strict-Transport-Security;
 }
 {% endif %}
@@ -50,7 +53,6 @@ server {
 {% if vhost.letsencrypt|d(False) %}
 ssl_certificate /etc/ssl/letsencrypt_{{ vhost_name }}_chained.crt;
 ssl_certificate_key /etc/ssl/private/letsencrypt_{{ vhost_name }}.key;
- ssl_trusted_certificate /etc/ssl/letsencrypt_full_chain.crt;
 ssl_stapling_verify on;
 ssl_stapling on;
 {% endif %}
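Review bot: Once the added `proxy_hide_header Strict-Transport-Security;` drops the upstream header, the only HSTS a client can receive from this location is the `add_header` in conf.d/ssl.conf, and that one has two gaps. nginx does not inherit `add_header` into a server or location that declares any `add_header` of its own, and without the `always` parameter it is skipped on 4xx/5xx responses, so proxied error pages would now carry no HSTS at all. The rest of vhost.j2 and the enclosing location block lie outside the hunk, so whether a local `add_header` exists cannot be confirmed from here. I would extend the comment to `# drop upstream HSTS; nginx sets its own via add_header in conf.d/ssl.conf (lost if this block declares any add_header)` and change the ssl.conf line to `add_header Strict-Transport-Security "max-age=15768000" always;`.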