diff --git a/Dockerfile b/Dockerfile index 12e2c8b..f30022a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -10,13 +10,12 @@ RUN apt-get update && apt-get install -y \ nginx \ ruby \ ruby-dev -RUN gem update --system RUN gem install jekyll # Install badssl.com -ADD . badssl.com -WORKDIR badssl.com +ADD . /badssl.com +WORKDIR /badssl.com RUN make inside-docker # Start things up! -CMD nginx && tail -f /var/log/nginx/access.log /var/log/nginx/error.log +CMD ["/bin/bash", "-c", "nginx && tail -f /var/log/nginx/access.log /var/log/nginx/error.log"] diff --git a/certs/Makefile b/certs/Makefile index 5f25483..db3fb24 100644 --- a/certs/Makefile +++ b/certs/Makefile @@ -93,12 +93,12 @@ $(O)/gen/crt/ca-intermediate.crt: src/conf/ca-intermediate.conf $(O)/gen/csr/ca- $(O)/gen/key/leaf-main.key: ./tool gen-key $@ $(D) 2048 $(O)/gen/csr/wildcard-main.csr: src/conf/wildcard.conf $(O)/gen/key/leaf-main.key - ./tool gen-csr $@ $(D) $^ + ./tool gen-csr $@ $(D) $^ $(O)/gen/crt/wildcard-main.crt: src/conf/wildcard.conf $(O)/gen/csr/wildcard-main.csr $(O)/gen/key/ca-intermediate.key $(O)/gen/crt/ca-intermediate.crt - ./tool sign $@ $(D) $(SIGN_LEAF_DEFAULTS) $^ + ./tool sign $@ $(D) $(SIGN_LEAF_DEFAULTS) $^ CHAINS_PROD += $(O)/gen/chain/wildcard-main.pem $(O)/gen/chain/wildcard-main.pem: $(O)/gen/crt/wildcard-main.crt $(O)/gen/crt/ca-intermediate.crt - ./tool chain $@ $(D) $^ + ./tool chain $@ $(D) $^ ################################ $(O)/gen/csr/fallback.csr: src/conf/fallback.conf $(O)/gen/key/leaf-main.key diff --git a/nginx-includes/subdomain-1000-sans.conf b/nginx-includes/subdomain-1000-sans.conf index 41c0ffa..9df4430 100644 --- a/nginx-includes/subdomain-1000-sans.conf +++ b/nginx-includes/subdomain-1000-sans.conf @@ -1,6 +1,5 @@ --- --- -ssl on; ssl_certificate {{ site.cert-path }}/subdomain-1000-sans.pem; ssl_certificate_key /etc/keys/leaf-main.key; diff --git a/nginx-includes/subdomain-10000-sans.conf b/nginx-includes/subdomain-10000-sans.conf index 9174394..776ade3 100644 
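Review bot: The new `ADD . /badssl.com` still copies the entire build context into an image layer. This tree generates certificates and private keys (`make inside-docker`, `certs/Makefile`), so any key material, `.git` history or local build output already in the working directory ships in the image unless a `.dockerignore` excludes it, and none is visible in this commit. `COPY . /badssl.com` is the narrower instruction, since `ADD` also unpacks local archives. Separately, the exec-form `CMD ["/bin/bash", "-c", "nginx && tail -f …"]` leaves bash and `tail` as the container's main process while nginx daemonises (as the `nginx && tail` chain implies), so the container presumably keeps running after nginx dies and `docker stop` does not signal nginx directly. Running it in the foreground with `CMD ["nginx", "-g", "daemon off;"]` and sending the logs to stdout/stderr would avoid both problems.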
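Review bot: With `ssl on;` removed from `nginx-includes/subdomain-1000-sans.conf`, TLS on that vhost depends entirely on the including `server` block's `listen` directive carrying the `ssl` parameter, and those `listen` lines are not part of this commit. If any server block that pulls in one of these includes still has a bare `listen 443;`, nginx would answer that port in plaintext and the `ssl_certificate` / `ssl_certificate_key` lines would go unused, so it is worth confirming each one reads `listen 443 ssl;` or the site's equivalent. The same applies to every other `nginx-includes/*.conf` hunk in this diff, which makes the identical deletion (`wildcard-fallback.conf` swaps the line for a blank one). A comment after the front matter of each include, e.g. `# TLS is enabled by "listen … ssl" in the including server block`, would record that dependency.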
--- a/nginx-includes/subdomain-10000-sans.conf +++ b/nginx-includes/subdomain-10000-sans.conf @@ -1,6 +1,5 @@ --- --- -ssl on; ssl_certificate {{ site.cert-path }}/subdomain-10000-sans.pem; ssl_certificate_key /etc/keys/leaf-main.key; diff --git a/nginx-includes/subdomain-blocked-interception.conf b/nginx-includes/subdomain-blocked-interception.conf index b2aad24..67b6501 100644 --- a/nginx-includes/subdomain-blocked-interception.conf +++ b/nginx-includes/subdomain-blocked-interception.conf @@ -1,6 +1,5 @@ --- --- -ssl on; ssl_certificate {{ site.cert-path }}/subdomain-blocked-interception.pem; ssl_certificate_key /etc/keys/leaf-blocked-interception.key; diff --git a/nginx-includes/subdomain-captive-portal.conf b/nginx-includes/subdomain-captive-portal.conf index aa133c0..8845b72 100644 --- a/nginx-includes/subdomain-captive-portal.conf +++ b/nginx-includes/subdomain-captive-portal.conf @@ -1,6 +1,5 @@ --- --- -ssl on; ssl_certificate {{ site.cert-path }}/subdomain-captive-portal.pem; ssl_certificate_key /etc/keys/leaf-captive-portal.key; diff --git a/nginx-includes/subdomain-invalid-expected-sct.conf b/nginx-includes/subdomain-invalid-expected-sct.conf index 4dbebd1..48d4fbf 100644 --- a/nginx-includes/subdomain-invalid-expected-sct.conf +++ b/nginx-includes/subdomain-invalid-expected-sct.conf @@ -1,6 +1,5 @@ --- --- -ssl on; ssl_certificate {{ site.cert-path }}/subdomain-invalid-expected-sct.pem; ssl_certificate_key /etc/keys/leaf-main.key; diff --git a/nginx-includes/subdomain-known-interception.conf b/nginx-includes/subdomain-known-interception.conf index 6922e11..cfa5bf2 100644 --- a/nginx-includes/subdomain-known-interception.conf +++ b/nginx-includes/subdomain-known-interception.conf @@ -1,6 +1,5 @@ --- --- -ssl on; ssl_certificate {{ site.cert-path }}/subdomain-known-interception.pem; ssl_certificate_key /etc/keys/leaf-known-interception.key; 
diff --git a/nginx-includes/subdomain-mitm-software.conf b/nginx-includes/subdomain-mitm-software.conf index fa1ecd6..08c5aac 100644 --- a/nginx-includes/subdomain-mitm-software.conf +++ b/nginx-includes/subdomain-mitm-software.conf @@ -1,6 +1,5 @@ --- --- -ssl on; ssl_certificate {{ site.cert-path }}/subdomain-mitm-software.pem; ssl_certificate_key /etc/keys/leaf-main.key; \ No newline at end of file diff --git a/nginx-includes/subdomain-no-common-name.conf b/nginx-includes/subdomain-no-common-name.conf index 9ce05b3..4d903b0 100644 --- a/nginx-includes/subdomain-no-common-name.conf +++ b/nginx-includes/subdomain-no-common-name.conf @@ -1,6 +1,5 @@ --- --- -ssl on; ssl_certificate {{ site.cert-path }}/subdomain-no-common-name.pem; ssl_certificate_key /etc/keys/leaf-main.key; diff --git a/nginx-includes/subdomain-no-san.conf b/nginx-includes/subdomain-no-san.conf index 6797988..15430a4 100644 --- a/nginx-includes/subdomain-no-san.conf +++ b/nginx-includes/subdomain-no-san.conf @@ -1,6 +1,5 @@ --- --- -ssl on; ssl_certificate {{ site.cert-path }}/subdomain-no-san.pem; ssl_certificate_key /etc/keys/leaf-main.key; diff --git a/nginx-includes/subdomain-no-sct.conf b/nginx-includes/subdomain-no-sct.conf index 4debb01..ae21a18 100644 --- a/nginx-includes/subdomain-no-sct.conf +++ b/nginx-includes/subdomain-no-sct.conf @@ -1,6 +1,5 @@ --- --- -ssl on; ssl_certificate {{ site.cert-path }}/subdomain-no-sct.pem; ssl_certificate_key /etc/keys/leaf-main.key; diff --git a/nginx-includes/subdomain-no-subject.conf b/nginx-includes/subdomain-no-subject.conf index 00d9fe4..2564d64 100644 --- a/nginx-includes/subdomain-no-subject.conf +++ b/nginx-includes/subdomain-no-subject.conf @@ -1,6 +1,5 @@ --- --- -ssl on; ssl_certificate {{ site.cert-path }}/subdomain-no-subject.pem; ssl_certificate_key /etc/keys/leaf-main.key; diff --git a/nginx-includes/subdomain-preloaded-expect-ct.conf b/nginx-includes/subdomain-preloaded-expect-ct.conf index ba3c8b0..669e872 100644 
--- a/nginx-includes/subdomain-preloaded-expect-ct.conf +++ b/nginx-includes/subdomain-preloaded-expect-ct.conf @@ -1,7 +1,6 @@ --- --- -ssl on; ssl_certificate {{ site.cert-path }}/subdomain-preloaded-expect-ct.pem; ssl_certificate_key /etc/keys/leaf-main.key; diff --git a/nginx-includes/subdomain-reversed-chain.conf b/nginx-includes/subdomain-reversed-chain.conf index 18c8f1b..4eab17e 100644 --- a/nginx-includes/subdomain-reversed-chain.conf +++ b/nginx-includes/subdomain-reversed-chain.conf @@ -1,6 +1,5 @@ --- --- -ssl on; ssl_certificate {{ site.cert-path }}/subdomain-reversed-chain.pem; ssl_certificate_key /etc/keys/ca-intermediate.key; diff --git a/nginx-includes/subdomain-revoked.conf b/nginx-includes/subdomain-revoked.conf index 800759a..7b4e032 100644 --- a/nginx-includes/subdomain-revoked.conf +++ b/nginx-includes/subdomain-revoked.conf @@ -1,6 +1,5 @@ --- --- -ssl on; ssl_certificate {{ site.cert-path }}/subdomain-revoked.pem; ssl_certificate_key /etc/keys/leaf-revoked.key; diff --git a/nginx-includes/subdomain-xn--n1aae7f7o.conf b/nginx-includes/subdomain-xn--n1aae7f7o.conf index cc6f8cd..8db783d 100644 --- a/nginx-includes/subdomain-xn--n1aae7f7o.conf +++ b/nginx-includes/subdomain-xn--n1aae7f7o.conf @@ -1,6 +1,5 @@ --- --- -ssl on; ssl_certificate {{ site.cert-path }}/subdomain-xn--n1aae7f7o.pem; ssl_certificate_key /etc/keys/leaf-main.key; diff --git a/nginx-includes/wildcard-ecc256.conf b/nginx-includes/wildcard-ecc256.conf index 74d9c96..af9ad12 100644 --- a/nginx-includes/wildcard-ecc256.conf +++ b/nginx-includes/wildcard-ecc256.conf @@ -1,6 +1,5 @@ --- --- -ssl on; ssl_certificate {{ site.cert-path }}/wildcard-ecc256.pem; ssl_certificate_key /etc/keys/leaf-ecc256.key; diff --git a/nginx-includes/wildcard-ecc384.conf b/nginx-includes/wildcard-ecc384.conf index 642d205..17fdb95 100644 --- a/nginx-includes/wildcard-ecc384.conf +++ b/nginx-includes/wildcard-ecc384.conf 
@@ -1,6 +1,5 @@ --- --- -ssl on; ssl_certificate {{ site.cert-path }}/wildcard-ecc384.pem; ssl_certificate_key /etc/keys/leaf-ecc384.key; diff --git a/nginx-includes/wildcard-expired.conf b/nginx-includes/wildcard-expired.conf index 1ae9163..b872524 100644 --- a/nginx-includes/wildcard-expired.conf +++ b/nginx-includes/wildcard-expired.conf @@ -1,6 +1,5 @@ --- --- -ssl on; ssl_certificate {{ site.cert-path }}/wildcard-expired.pem; ssl_certificate_key /etc/keys/leaf-main.key; diff --git a/nginx-includes/wildcard-fallback.conf b/nginx-includes/wildcard-fallback.conf index ab8fc30..223e7be 100644 --- a/nginx-includes/wildcard-fallback.conf +++ b/nginx-includes/wildcard-fallback.conf @@ -1,6 +1,6 @@ --- --- -ssl on; + ssl_certificate {{ site.cert-path }}/fallback.pem; ssl_certificate_key /etc/keys/leaf-main.key; diff --git a/nginx-includes/wildcard-incomplete-chain.conf b/nginx-includes/wildcard-incomplete-chain.conf index 4c7a0c8..4649dc7 100644 --- a/nginx-includes/wildcard-incomplete-chain.conf +++ b/nginx-includes/wildcard-incomplete-chain.conf @@ -1,6 +1,5 @@ --- --- -ssl on; ssl_certificate {{ site.cert-path }}/wildcard-incomplete-chain.pem; ssl_certificate_key /etc/keys/leaf-main.key; diff --git a/nginx-includes/wildcard-rsa2048.conf b/nginx-includes/wildcard-rsa2048.conf index 90b78e2..cdc2c0d 100644 --- a/nginx-includes/wildcard-rsa2048.conf +++ b/nginx-includes/wildcard-rsa2048.conf @@ -1,6 +1,5 @@ --- --- -ssl on; ssl_certificate {{ site.cert-path }}/wildcard-rsa2048.pem; ssl_certificate_key /etc/keys/leaf-rsa2048.key; diff --git a/nginx-includes/wildcard-rsa3072.conf b/nginx-includes/wildcard-rsa3072.conf index c4ca5f9..424773c 100644 --- a/nginx-includes/wildcard-rsa3072.conf +++ b/nginx-includes/wildcard-rsa3072.conf @@ -1,6 +1,5 @@ --- --- -ssl on; ssl_certificate {{ site.cert-path }}/wildcard-rsa3072.pem; ssl_certificate_key /etc/keys/leaf-rsa3072.key; 
diff --git a/nginx-includes/wildcard-rsa4096.conf b/nginx-includes/wildcard-rsa4096.conf index 65d0e62..b849d71 100644 --- a/nginx-includes/wildcard-rsa4096.conf +++ b/nginx-includes/wildcard-rsa4096.conf @@ -1,6 +1,5 @@ --- --- -ssl on; ssl_certificate {{ site.cert-path }}/wildcard-rsa4096.pem; ssl_certificate_key /etc/keys/leaf-rsa4096.key; diff --git a/nginx-includes/wildcard-rsa8192.conf b/nginx-includes/wildcard-rsa8192.conf index be5878a..ec6d1e3 100644 --- a/nginx-includes/wildcard-rsa8192.conf +++ b/nginx-includes/wildcard-rsa8192.conf @@ -1,6 +1,5 @@ --- --- -ssl on; ssl_certificate {{ site.cert-path }}/wildcard-rsa8192.pem; ssl_certificate_key /etc/keys/leaf-rsa8192.key; diff --git a/nginx-includes/wildcard-self-signed.conf b/nginx-includes/wildcard-self-signed.conf index bd4a9dd..ca85942 100644 --- a/nginx-includes/wildcard-self-signed.conf +++ b/nginx-includes/wildcard-self-signed.conf @@ -1,6 +1,5 @@ --- --- -ssl on; ssl_certificate {{ site.cert-path }}/wildcard-self-signed.pem; ssl_certificate_key /etc/keys/leaf-main.key; diff --git a/nginx-includes/wildcard-sha384.conf b/nginx-includes/wildcard-sha384.conf index f67cbd7..43761fc 100644 --- a/nginx-includes/wildcard-sha384.conf +++ b/nginx-includes/wildcard-sha384.conf @@ -1,6 +1,5 @@ --- --- -ssl on; ssl_certificate {{ site.cert-path }}/wildcard-sha384.pem; ssl_certificate_key /etc/keys/leaf-main.key; diff --git a/nginx-includes/wildcard-sha512.conf b/nginx-includes/wildcard-sha512.conf index faedf1e..f783f28 100644 --- a/nginx-includes/wildcard-sha512.conf +++ b/nginx-includes/wildcard-sha512.conf @@ -1,6 +1,5 @@ --- --- -ssl on; ssl_certificate {{ site.cert-path }}/wildcard-sha512.pem; ssl_certificate_key /etc/keys/leaf-main.key; diff --git a/nginx-includes/wildcard-untrusted-root.conf b/nginx-includes/wildcard-untrusted-root.conf index f148664..f01930f 100644 --- a/nginx-includes/wildcard-untrusted-root.conf +++ b/nginx-includes/wildcard-untrusted-root.conf 
@@ -1,6 +1,5 @@ --- --- -ssl on; ssl_certificate {{ site.cert-path }}/wildcard-untrusted-root.pem; ssl_certificate_key /etc/keys/leaf-main.key;