diff --git a/smartgears/smartgears-nginx-frontend/templates/generic-smartgears-virtualhost.j2 b/smartgears/smartgears-nginx-frontend/templates/generic-smartgears-virtualhost.j2
index 82b361f8..ab309e2c 100644
--- a/smartgears/smartgears-nginx-frontend/templates/generic-smartgears-virtualhost.j2
+++ b/smartgears/smartgears-nginx-frontend/templates/generic-smartgears-virtualhost.j2
@@ -1,5 +1,8 @@
 server {
     listen {{ http_port }};
+{% if letsencrypt_acme_install %}
+    include /etc/nginx/snippets/letsencrypt-proxy.conf;
+{% endif %}
     location ~ /\.(?!well-known).* {
         deny all;
         access_log off;
@@ -14,9 +17,6 @@ server {
     server_name _;
 {% else %}    
     server_name {{ item.servername }} {% if smartgears_nginx_serveraliases is defined %}{% for vh in smartgears_nginx_serveraliases %} {{ vh }}{% endfor %}{% endif %};
-{% endif %}
-{% if letsencrypt_acme_install %}
-    include /etc/nginx/snippets/letsencrypt-proxy.conf;
 {% endif %}
     access_log /var/log/nginx/{{ item.servername }}_access.log;
     error_log /var/log/nginx/{{ item.servername }}_error.log;
@@ -190,6 +190,13 @@ server {
 {% if letsencrypt_acme_install %}
 server {
     listen {{ https_port }} ssl;
+    location ~ /\.(?!well-known).* {
+        deny all;
+        access_log off;
+        log_not_found off;
+        return 404;
+    }
+
     client_max_body_size {{ nginx_client_max_body_size | default('100M') }};
 {% if egi_image is defined and egi_image %}
     # No servername into the EGI images
diff --git a/smartgears/smartgears-nginx-frontend/templates/nginx-smartgears-virtualhost.j2 b/smartgears/smartgears-nginx-frontend/templates/nginx-smartgears-virtualhost.j2
index 4778f6e7..e59b6811 100644
--- a/smartgears/smartgears-nginx-frontend/templates/nginx-smartgears-virtualhost.j2
+++ b/smartgears/smartgears-nginx-frontend/templates/nginx-smartgears-virtualhost.j2
@@ -14,6 +14,10 @@ server {
     server_name {{ item.server_name }} {% if item.serveraliases is defined %}{{ item.serveraliases }}{% endif %};
 {% endif %}
 
+{% if letsencrypt_acme_install %}
+    include /etc/nginx/snippets/letsencrypt-proxy.conf;
+{% endif %}
+
     location ~ /\.(?!well-known).* {
         deny all;
         access_log off;
@@ -21,10 +25,6 @@ server {
         return 404;
     }
 
-{% if letsencrypt_acme_install %}
-    include /etc/nginx/snippets/letsencrypt-proxy.conf;
-{% endif %}
-
     {% if item.access_log is defined %}
     access_log {{ item.access_log }};
     {% else %}
@@ -347,6 +347,13 @@ server {
     server_name {{ item.server_name }} {% if item.serveraliases is defined %}{{ item.serveraliases }}{% endif %};
 {% endif %}
 
+    location ~ /\.(?!well-known).* {
+        deny all;
+        access_log off;
+        log_not_found off;
+        return 404;
+    }
+
     {% if item.access_log is defined %}
     access_log {{ item.access_log }};
     {% else %}