diff --git a/Dockerfile b/Dockerfile index f3e825f..c91f408 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ -FROM nginx:1.21.3-alpine +FROM nginx:1.21.4-alpine RUN apk update && apk add certbot bind-tools -COPY entrypoint.sh / +COPY entrypoint.sh nginx-http-redir.conf / CMD ["/entrypoint.sh"] diff --git a/README.md b/README.md index ef5a345..357f858 100644 --- a/README.md +++ b/README.md @@ -23,6 +23,10 @@ services**. container not to change permissions * If you setup the variable NGINX to any value, the container will start nginx and reload after trying to renew the certificate +* If you set the variable NGINX_HTTP_REDIRECT, the container will + enable automatic redirect of http to https with the exception of the + path /.well-known/acme-challenge/ + ``` docker run -e DOMAIN=example.com \ @@ -45,6 +49,22 @@ docker run -e DOMAIN=example.com \ you will get a proper, real world usable nginx server. Inject the nginx configuration by meains of a volume to /etc/nginx/conf.d +### Nginx HTTP redirect support + +Using + +``` +docker run -e DOMAIN=example.com \ + -e EMAIL=root@example.com \ + -e NGINX=yes \ + -e NGINX_HTTP_REDIRECT=yes \ + -e STAGING=no \ + ungleich/ungleich-certbot +``` + +the container will listen on port 80 and redirect the traffic to port +443 (https). + ### Exiting after getting the certificate By default, the container will stay alive and try to renew the diff --git a/entrypoint.sh b/entrypoint.sh index 1a46032..99462dc 100755 --- a/entrypoint.sh +++ b/entrypoint.sh 
@@ -58,13 +58,20 @@ fi
 # Still there? Start nginx if requested
 if [ "$NGINX" ]; then
+
+ if [ "$NGINX_HTTP_REDIRECT" ]; then
+ cp /nginx-http-redir.conf /etc/nginx/conf.d
+ fi
 nginx
 fi
 # Try to renew once per day
 while true; do
- /usr/bin/certbot renew
-
+ if [ "$NGINX_HTTP_REDIRECT" ]; then
+ /usr/bin/certbot renew --webroot --webroot-path /var/www/html
+ else
+ /usr/bin/certbot renew
+ fi
 # And again, correct permissions if not told otherwise
 if [ -z "$LEAVE_PERMISSIONS_AS_IS" ]; then
diff --git a/nginx-http-redir.conf b/nginx-http-redir.conf
new file mode 100644
index 0000000..762973d
--- /dev/null
+++ b/nginx-http-redir.conf
@@ -0,0 +1,16 @@
+server {
+ listen *:80;
+ listen [::]:80;
+
+ server_name _;
+ root /var/www/html/;
+
+ location /.well-known/acme-challenge/ {
+ root /var/www/html;
+ }
+
+ # Everything else -> ssl
+ location / {
+ return 301 https://$host$request_uri;
+ }
+}
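Review bot: The renewal branch switches to `--webroot` whenever NGINX_HTTP_REDIRECT is set, but nginx and the redirect config that serves /.well-known/acme-challenge/ are only started when NGINX is also set, so a container started with NGINX_HTTP_REDIRECT alone has nothing answering on port 80 and every renewal attempt fails; the loop ignores certbot's exit status, so that failure only surfaces in the logs. Either gate the branch on both, `if [ "$NGINX" ] && [ "$NGINX_HTTP_REDIRECT" ]; then`, or refuse to start when NGINX_HTTP_REDIRECT is set without NGINX. Nothing in the hunk creates /var/www/html, and certbot's webroot plugin rejects a webroot path that is not an existing directory, so unless it is created elsewhere in the script a `mkdir -p /var/www/html` belongs before the renew call. The `while true` loop continues past the end of the hunk.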
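Review bot: `return 301 https://$host$request_uri;` builds the redirect target from the client-supplied Host header, and with `server_name _` the block accepts any name, so whatever hostname a client sends is reflected back in the Location header; since the container already knows DOMAIN, consider having the entrypoint substitute it into this file and redirecting to `https://<domain>$request_uri` instead. The nginx:alpine base image ships /etc/nginx/conf.d/default.conf, which also listens on port 80 and sorts before this file, so unless the injected conf.d volume replaces it that block becomes the default server on :80 and requests with a non-matching Host would be served by it rather than redirected; `listen 80 default_server;` and `listen [::]:80 default_server;` make the intent explicit. The server-level `root /var/www/html/;` is never used, because `location /` only returns a redirect and the ACME location sets its own root, so one of the two can go.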