diff --git a/haproxy.cfg b/haproxy.cfg
index 1d573e4..df82b20 100644
--- a/haproxy.cfg
+++ b/haproxy.cfg
@@ -50,6 +50,12 @@ frontend http
     http-request set-log-level silent if url_docker_health
     http-request return status 200 if url_docker_health
 
+    # Redirect all http requests to https
+    redirect scheme https code 301 if !url_acme_http01 !url_docker_health
+
+frontend https
+    bind *:443 ssl crt /etc/haproxy/certs crt "${CERT_DIR}" no-tls-tickets
+
     # Optional: redirects for root requests with certain host names to service paths
     acl is_root path -i /
     acl is_redirect_1 hdr(host) -i "${PROXY_HOST_REDIRECT_1_NAME}"
@@ -73,12 +79,6 @@ frontend http
     redirect code 302 location "https://${DOMAINNAME}${PROXY_HOST_REDIRECT_9_TARGET}" if is_root is_redirect_9
     redirect code 302 location "https://${DOMAINNAME}${PROXY_HOST_REDIRECT_10_TARGET}" if is_root is_redirect_10
 
-    # Redirect all http requests to https
-    redirect scheme https if !url_acme_http01 !url_docker_health
-
-frontend https
-    bind *:443 ssl crt /etc/haproxy/certs crt "${CERT_DIR}" no-tls-tickets
-
     # Enable X-Forwarded header(s)
     option forwardfor
     http-request add-header X-Forwarded-Proto https