diff --git a/nginx/sites-available/itguys.com.br.conf b/nginx/sites-available/itguys.com.br.conf
index fc9978a..fdc2436 100644
--- a/nginx/sites-available/itguys.com.br.conf
+++ b/nginx/sites-available/itguys.com.br.conf
@@ -7,8 +7,6 @@
 # BLOCO HTTP: Redirecionar todo o tráfego para a versão segura e canónica (www)
 # ==============================================================================
 server {
-    listen 80;
-    listen [::]:80;
     # Escuta por ambos os domínios, com e sem 'www'.
     server_name itguys.com.br www.itguys.com.br;
 
@@ -21,6 +19,14 @@ server {
     location / {
         return 301 https://www.itguys.com.br$request_uri;
     }
+
+    listen [::]:443 ssl ipv6only=on; # managed by Certbot
+    listen 443 ssl; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/www.itguys.com.br/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/www.itguys.com.br/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
 }
 
 # ==============================================================================
@@ -38,11 +44,6 @@ server {
         return 301 https://www.itguys.com.br$request_uri;
     }
 
-    # --- Certificados SSL (Geridos pelo Certbot) ---
-    # O Certbot irá preencher estas linhas. Lembre-se de o executar para ambos os domínios.
-    ssl_certificate /etc/letsencrypt/live/www.itguys.com.br/fullchain.pem;
-    ssl_certificate_key /etc/letsencrypt/live/www.itguys.com.br/privkey.pem;
-
     # --- Cabeçalhos de Segurança Padrão ---
     add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
     add_header X-Content-Type-Options "nosniff" always;
@@ -121,5 +122,29 @@ server {
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
     }
+
+    ssl_certificate /etc/letsencrypt/live/www.itguys.com.br/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/www.itguys.com.br/privkey.pem; # managed by Certbot
 }
 
+
+server {
+    if ($host = itguys.com.br) {
+        return 301 https://$host$request_uri;
+    } # managed by Certbot
+
+
+    if ($host = www.itguys.com.br) {
+        return 301 https://$host$request_uri;
+    } # managed by Certbot
+
+
+    listen 80;
+    listen [::]:80;
+    server_name itguys.com.br www.itguys.com.br;
+    return 404; # managed by Certbot
+
+
+
+
+}
\ No newline at end of file