diff --git a/tmpl/handler-nginx.conf b/tmpl/handler-nginx.conf
index 3651d0d..a4c4071 100644
--- a/tmpl/handler-nginx.conf
+++ b/tmpl/handler-nginx.conf
@@ -18,17 +18,29 @@ include /etc/lemonldap-ng/nginx-lmlog.conf;
 server {
 listen 80;
- server_name reload.example.com;
+ server_name %%reloadWebName;
+ return 301 https://$host$request_uri;
+}
+
+server {
+ listen 443;
+ ssl on;
+%if %%cert_type == "letsencrypt"
+ ssl_certificate %%le_config_dir/live/%%managerWebName/cert.pem;
+ ssl_certificate_key %%le_config_dir/live/%%managerWebName/privkey.pem;
+%else
+ ssl_certificate %%server_cert;
+ ssl_certificate_key %%server_key;
+%end if
+ ssl_client_certificate /etc/ssl/certs/ca.crt;
+ access_log /var/log/nginx/manager-lemon-ldap.access-ssl.log;
+ server_name %%reloadWebName;
 root /var/www/html;
- # Uncomment this if you are running behind a reverse proxy and want
- # LemonLDAP::NG to see the real IP address of the end user
- # Adjust the settings to match the IP address of your reverse proxy
- # and the header containing the original IP address
- # As an alternative, you can use the PROXY protocol
- #
- #set_real_ip_from 127.0.0.1;
- #real_ip_header X-Forwarded-For;
+ error_page 403 404 502 503 504 /nginx.html;
+ location = /nginx.html{
+ root /usr/share/nginx/www;
+ }
 location = /reload {
 allow 127.0.0.1;
@@ -53,17 +65,4 @@ server {
 #add_header Strict-Transport-Security "max-age=15768000";
 }
- # Uncomment this if status is enabled
- #location = /status {
- # allow 127.0.0.1;
- # deny all;
- # # FastCGI configuration
- # include /etc/nginx/fastcgi_params;
- # fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
- # fastcgi_param LLTYPE status;
- # # OR TO USE uWSGI
- # #include /etc/nginx/uwsgi_params;
- # #uwsgi_pass 127.0.0.1:5000;
- # #uwsgi_param LLTYPE status;
- #}
 }
diff --git a/tmpl/manager-nginx.conf b/tmpl/manager-nginx.conf
index 3c2deaa..ec288e5 100644
--- a/tmpl/manager-nginx.conf
+++ b/tmpl/manager-nginx.conf
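Review bot: In the first hunk the letsencrypt branch points `ssl_certificate`/`ssl_certificate_key` at `%%le_config_dir/live/%%managerWebName/…` while this port-443 block answers for `server_name %%reloadWebName`, so unless the manager certificate also covers the reload name the handler vhost will present a certificate for the wrong host; both paths should use the same variable as the server name, e.g. `ssl_certificate %%le_config_dir/live/%%reloadWebName/cert.pem;` (the `access_log` name `manager-lemon-ldap.access-ssl.log` also looks copied from the manager template and will interleave the two vhosts' logs). `ssl_client_certificate /etc/ssl/certs/ca.crt;` is added without any `ssl_verify_client` directive, which defaults to off, so nginx neither requests nor verifies a client certificate and the line is inert (it is only consulted for OCSP stapling, which is not configured here); either add `ssl_verify_client optional;` where client-certificate authentication is intended or drop the line — the same applies to the manager, portal and test templates in this commit. `ssl on;` has been deprecated since nginx 1.15.0 in favour of `listen 443 ssl;`, again in all four templates. Finally, `return 301 https://$host$request_uri;` echoes the client-supplied Host header, so if this port-80 block ends up as nginx's default server it will redirect to arbitrary hosts; `return 301 https://$server_name$request_uri;` is the safer form for the single-name blocks.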
@@ -1,18 +1,29 @@
 server {
 listen 80;
- server_name manager.example.com;
- root /usr/share/lemonldap-ng/manager/htdocs/;
- # Use "lm_app" format to get username in nginx.log (see nginx-lmlog.conf)
- #access_log /var/log/nginx/portal.log lm_app;
+ server_name %%managerWebName;
+ return 301 https://$host$request_uri;
+}
- # Uncomment this if you are running behind a reverse proxy and want
- # LemonLDAP::NG to see the real IP address of the end user
- # Adjust the settings to match the IP address of your reverse proxy
- # and the header containing the original IP address
- # As an alternative, you can use the PROXY protocol
- #
- #set_real_ip_from 127.0.0.1;
- #real_ip_header X-Forwarded-For;
+server {
+ listen 443;
+ ssl on;
+ %if %%cert_type == "letsencrypt"
+ ssl_certificate %%le_config_dir/live/%%managerWebName/cert.pem;
+ ssl_certificate_key %%le_config_dir/live/%%managerWebName/privkey.pem;
+%else
+ ssl_certificate %%server_cert;
+ ssl_certificate_key %%server_key;
+%end if
+ ssl_client_certificate /etc/ssl/certs/ca.crt;
+ access_log /var/log/nginx/manager-lemon-ldap.access-ssl.log;
+ server_name %%managerWebName;
+
+ error_page 403 404 502 503 504 /nginx.html;
+ location = /nginx.html{
+ root /usr/share/nginx/www;
+ }
+
+ root /usr/share/lemonldap-ng/manager/htdocs/;
 if ($uri !~ ^/(.*\.psgi|static|doc|lib|javascript|favicon)) {
 rewrite ^/(.*)$ /manager.psgi/$1 break;
diff --git a/tmpl/portal-nginx.conf b/tmpl/portal-nginx.conf
index e063efd..32464a1 100644
--- a/tmpl/portal-nginx.conf
+++ b/tmpl/portal-nginx.conf
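Review bot: The `%if %%cert_type == "letsencrypt"` directive is indented with a leading space here, while `%else`, `%end if` and the identical block in the handler and portal templates start at column 0; depending on how strictly the template engine matches directives, the indented form may be emitted literally into the generated nginx.conf instead of being evaluated, so it should be moved to column 0 for consistency: `%if %%cert_type == "letsencrypt"`. The port-443 `server { … }` block and the `if ($uri …)` block both continue beyond the end of the hunk.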
@@ -7,19 +7,24 @@ server {
 listen 80;
- server_name auth.example.com;
- root /usr/share/lemonldap-ng/portal/htdocs/;
- # Use "lm_app" format to get username in nginx.log (see nginx-lmlog.conf)
- #access_log /var/log/nginx/portal.log lm_app;
+ server_name %%authWebName;
+ return 301 https://$host$request_uri;
+}
- # Uncomment this if you are running behind a reverse proxy and want
- # LemonLDAP::NG to see the real IP address of the end user
- # Adjust the settings to match the IP address of your reverse proxy
- # and the header containing the original IP address
- # As an alternative, you can use the PROXY protocol
- #
- #set_real_ip_from 127.0.0.1;
- #real_ip_header X-Forwarded-For;
+server {
+ listen 443;
+ ssl on;
+%if %%cert_type == "letsencrypt"
+ ssl_certificate %%le_config_dir/live/%%authWebName/cert.pem;
+ ssl_certificate_key %%le_config_dir/live/%%authWebName/privkey.pem;
+%else
+ ssl_certificate %%server_cert;
+ ssl_certificate_key %%server_key;
+%end if
+ ssl_client_certificate /etc/ssl/certs/ca..crt;
+ access_log /var/log/nginx/auth-lemon-ldap.access-ssl.log;
+ server_name %%authWebName;
+ root /usr/share/lemonldap-ng/portal/htdocs/;
 if ($uri !~ ^/((static|javascript|favicon).*|.*\.psgi)) {
 rewrite ^/(.*)$ /index.psgi/$1 break;
@@ -35,17 +40,6 @@ server {
 fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
 fastcgi_split_path_info ^(.*\.psgi)(/.*)$;
 fastcgi_param PATH_INFO $fastcgi_path_info;
- # Uncomment this if you use Auth SSL:
- #fastcgi_param SSL_CLIENT_S_DN_CN $ssl_client_s_dn_cn;
-
- # OR TO USE uWSGI
- #include /etc/nginx/uwsgi_params;
- #uwsgi_pass 127.0.0.1:5000;
- #uwsgi_param LLTYPE psgi;
- #uwsgi_param SCRIPT_FILENAME $document_root$sc;
- #uwsgi_param SCRIPT_NAME $sc;
- # Uncomment this if you use Auth SSL:
- #uwsgi_param SSL_CLIENT_S_DN_CN $ssl_client_s_dn_cn;
 }
diff --git a/tmpl/test-nginx.conf b/tmpl/test-nginx.conf
index 8dcf62b..87e170f 100644
--- a/tmpl/test-nginx.conf
+++ b/tmpl/test-nginx.conf
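Review bot: `ssl_client_certificate /etc/ssl/certs/ca..crt;` in the first hunk contains a doubled dot, so the path differs from the `/etc/ssl/certs/ca.crt` used in the handler, manager and test templates; the file is only opened once `ssl_verify_client` is enabled, at which point nginx will refuse to load the configuration, so the line should read `ssl_client_certificate /etc/ssl/certs/ca.crt;`. With the `SSL_CLIENT_S_DN_CN` FastCGI hint removed in the second hunk of this file and no `ssl_verify_client` set, it is not clear what this CA file is meant to verify for the portal — a one-line comment stating the intent (or removal of the directive) would help the next maintainer. The port-443 `server` block continues past the end of the first hunk.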
@@ -1,16 +1,19 @@
 server {
 listen 80;
- server_name test1.example.com test2.example.com;
- root /var/lib/lemonldap-ng/test/;
+ server_name test1.%%nom_domaine_local test2.%%nom_domaine_local;
+ return 301 https://$host$request_uri;
+}
- # Uncomment this if you are running behind a reverse proxy and want
- # LemonLDAP::NG to see the real IP address of the end user
- # Adjust the settings to match the IP address of your reverse proxy
- # and the header containing the original IP address
- # As an alternative, you can use the PROXY protocol
- #
- #set_real_ip_from 127.0.0.1;
- #real_ip_header X-Forwarded-For;
+server {
+ listen 443;
+ ssl on;
+ ssl_certificate %%server_cert;
+ ssl_certificate_key %%server_key;
+ ssl_client_certificate /etc/ssl/certs/ca.crt;
+ access_log /var/log/nginx/test1-2-lemon-ldap.access-ssl.log;
+
+ server_name test1.%%nom_domaine_local test2.%%nom_domaine_local;
+ root /var/lib/lemonldap-ng/test/;
 # Internal authentication request
 location = /lmauth {
@@ -30,17 +33,6 @@ server {
 #fastcgi_buffer_size 32k;
 #fastcgi_buffers 32 32k;
-
- # OR TO USE uWSGI
- #include /etc/nginx/uwsgi_params;
- #uwsgi_pass 127.0.0.1:5000;
- #uwsgi_pass_request_body off;
- #uwsgi_param CONTENT_LENGTH "";
- #uwsgi_param HOST $http_host;
- #uwsgi_param X_ORIGINAL_URI $request_uri;
- # Improve performances
- #uwsgi_buffer_size 32k;
- #uwsgi_buffers 32 32k;
 }
 # Client requests
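Review bot: The HTTPS block in the first hunk hard-codes `ssl_certificate %%server_cert;` and `ssl_certificate_key %%server_key;` without the `%if %%cert_type == "letsencrypt"` conditional that the handler, manager and portal templates gain in this same commit, so a Let's Encrypt deployment would serve the two test hosts with the generic certificate. If that is intentional for the local test domain, a one-line template comment above `ssl_certificate` saying so would stop the next reader from "fixing" it; otherwise the same conditional should be mirrored here using whichever Let's Encrypt directory holds a certificate for the test names (not visible in this diff, so it needs confirming). The port-443 `server` block continues beyond the end of the hunk.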