diff --git a/files/config/conf.d/ssl.conf b/files/config/conf.d/ssl.conf
index 59e4749..f0ffbfd 100644
--- a/files/config/conf.d/ssl.conf
+++ b/files/config/conf.d/ssl.conf
@@ -8,9 +8,9 @@ ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECD
 ssl_prefer_server_ciphers on;
 # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
-add_header Strict-Transport-Security "max-age=15768000";
+add_header Strict-Transport-Security "max-age=15768000" always;
 # OCSP Stapling ---
 # fetch OCSP records from URL in ssl_certificate and cache them
-#ssl_stapling on;
-#ssl_stapling_verify on;
+ssl_stapling_verify on;
+ssl_stapling on;
diff --git a/templates/vhost.conf.j2 b/templates/vhost.conf.j2
index bf2ae04..8f8b5e3 100644
--- a/templates/vhost.conf.j2
+++ b/templates/vhost.conf.j2
@@ -64,7 +64,5 @@ server {
 {% if vhost.letsencrypt|d(False) %}
 ssl_certificate /etc/ssl/nginx_{{ vhost_name }}.chain.crt;
 ssl_certificate_key /etc/ssl/private/nginx_{{ vhost_name }}.key;
- ssl_stapling_verify on;
- ssl_stapling on;
 {% endif %}
 }
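Review bot: In files/config/conf.d/ssl.conf the new `ssl_stapling_verify on;` and `ssl_stapling on;` lines apply to every TLS vhost that picks up this file (presumably included at http level), yet the hunk shows neither a `resolver` nor an `ssl_trusted_certificate` directive. nginx needs a resolver to reach the OCSP responder, and verification needs the issuer chain configured as trusted; when either is missing it logs a warning and completes the handshake without a stapled response, so stapling can look enabled while doing nothing. The rest of ssl.conf lies outside the hunk, so if it does not already set them, add `resolver <RESOLVER_ADDRESS> valid=300s;` here and `ssl_trusted_certificate <ISSUER_CHAIN_PATH>;` beside each `ssl_certificate`. Because templates/vhost.conf.j2 previously turned stapling on only under `vhost.letsencrypt`, vhosts with self-signed or private-CA certificates will now log stapling warnings unless they set `ssl_stapling off;` themselves. After deployment, `openssl s_client -connect <HOST>:443 -status` should report an OCSP response for each Let's Encrypt vhost.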