diff --git a/nginx/Dockerfile b/nginx/Dockerfile
index f0d810e1ad5887756b222c76d946561ea1bfdedd..8e1065fb4fd5b8eeff85c21a2a0ec44b0cdaf90f 100644
--- a/nginx/Dockerfile
+++ b/nginx/Dockerfile
@@ -3,11 +3,6 @@ FROM nginx:1.15.0-alpine
 RUN rm /etc/nginx/conf.d/default.conf
 
 ARG NGINX_CONF=nginx.conf
-ARG ACME_FILE
-ARG SSL_CERT
-ARG SSL_KEY
 
 COPY ${NGINX_CONF} /etc/nginx/conf.d/nginx.conf
-COPY ${SSL_CERT} /etc/certs/cert.pem
-COPY ${SSL_KEY} /etc/certs/key.pem
-COPY ${ACME_FILE} /usr/share/nginx/html/
+COPY ssl_certificates.conf* /etc/nginx/conf.d/
diff --git a/nginx/ssl.conf b/nginx/ssl.conf
index 345d3d6db4123f250649a3b0243e11c39982a236..911efb768baa7fb050e884a49883af24c2c9f428 100644
--- a/nginx/ssl.conf
+++ b/nginx/ssl.conf
@@ -15,13 +15,11 @@ server {
     charset     utf-8;
     client_max_body_size 150M;
 
-    ssl_certificate /etc/certs/cert.pem;
-    ssl_certificate_key /etc/certs/key.pem;
+    include conf.d/ssl_certificates.conf;
 
     # Performance + Privacy improvements
     ssl_stapling on;
     ssl_stapling_verify on;
-    ssl_trusted_certificate /etc/certs/cert.pem;
     resolver 8.8.8.8 208.67.222.222 valid=300s;
     resolver_timeout 5s;
 
diff --git a/nginx/ssl_certificates.conf_example b/nginx/ssl_certificates.conf_example
new file mode 100644
index 0000000000000000000000000000000000000000..c97a76c2788dc40022f31efc2862714c2de19ee6
--- /dev/null
+++ b/nginx/ssl_certificates.conf_example
@@ -0,0 +1,3 @@
+ssl_certificate /etc/certs/fullchain.pem;
+ssl_certificate_key /etc/certs/privkey.pem;
+ssl_trusted_certificate /etc/certs/fullchain.pem;
diff --git a/production.yml_example b/production.yml_example
index 8757ca0db60d778610b7809f69b70438942a10dd..0e5cc313ec3e8a48290ab5374a8f5b5e17c16bed 100644
--- a/production.yml_example
+++ b/production.yml_example
@@ -16,14 +16,15 @@ services:
        - "80:80"
       # - "443:443"
 
-      ### To enable SSL, generate keys with letsencrypt/certbot
+      ### To enable SSL, generate keys (eg with letsencrypt/certbot)
+      ### copy nginx/ssl_certificates.conf_example and edit it
+      ## if need be to correspond to the volume below
       ### and uncomment this block and the port 443
       # build:
       #   args:
       #     - NGINX_CONF=ssl.conf
-      #     - SSL_CERT=/etc/letsencrypt/live/$DOMAIN/fullchain.pem
-      #     - SSL_KEY=/etc/letsencrypt/live/$DOMAIN/privkey.pem
-      #     - ACME_FILE=./<some_hash>
+      # volumes:
+      #   - /etc/letsencrypt/live/<mydomain>:/etc/certs
 
     flower:
       restart: always