diff --git a/letsencrypt/conf/renewal/server.schooltech.ch.conf b/letsencrypt/conf/renewal/server.schooltech.ch.conf
index 9b37deb..56518ff 100644
--- a/letsencrypt/conf/renewal/server.schooltech.ch.conf
+++ b/letsencrypt/conf/renewal/server.schooltech.ch.conf
@@ -18,4 +18,4 @@ controller.server.schooltech.ch = /var/www/certbot
 portainer.server.schooltech.ch = /var/www/certbot
 simulation3a29.server.schooltech.ch = /var/www/certbot
 [acme_renewal_info]
-ari_retry_after = 2026-02-07T08:36:28
+ari_retry_after = 2026-02-14T07:10:40
diff --git a/nginx.conf b/nginx.conf
index be4437f..7b8c13a 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -35,6 +35,7 @@ server {
     ssl_certificate /etc/letsencrypt/live/server.schooltech.ch/fullchain.pem;
     ssl_certificate_key /etc/letsencrypt/live/server.schooltech.ch/privkey.pem;
     ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers on;
 
     # Einfach Verbindung schließen für unbekannte Hosts
     return 444;
@@ -66,6 +67,9 @@ server {
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
+
+        proxy_buffering off;
+        proxy_request_buffering off;
     }
 
     # ------------------------------------------------------------
@@ -85,6 +89,10 @@ server {
 
     # Security
     add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+
+    # SSL
+    tcp_nopush on;
+    tcp_nodelay on;
 }
 
 # ------------------------------------------------------------