diff --git a/docker/nginx/nginx.conf b/docker/nginx/nginx.conf
index d6b3a610b7..b083457c83 100644
--- a/docker/nginx/nginx.conf
+++ b/docker/nginx/nginx.conf
@@ -1,3 +1,18 @@
+server {
+    # Listen only on port 81 for localhost, and nothing else.
+    server_name 127.0.0.1;
+    listen 127.0.0.1:81 default_server;
+
+    charset utf-8;
+
+    # Certbot's folder used for the ACME challenge response.
+    location ^~ /.well-known/acme-challenge {
+        default_type text/plain;
+        root /var/www/certbot;
+        try_files $uri =404;
+    }
+}
+
 server {
 
     listen [::]:80;
@@ -5,6 +20,10 @@ server {
 
     server_name %hostname%;
 
+    location '/.well-known/acme-challenge' {
+        proxy_pass http://localhost:81;
+    }
+
     # redirect all traffic to HTTPS
     rewrite ^ https://$host$request_uri? permanent;
 }
@@ -35,6 +54,13 @@ server {
         root /var/www/social;
     }
 
+    location /.well-known/acme-challenge/ {
+        allow all;
+        root /var/www/certbot;
+        try_files $uri =404;
+        break;
+    }
+
     # PHP
     location ~ ^/(index|install)\.php(/.*)?$ {
         include fastcgi_params;