How to Enable HTTP/2 in nginx and Apache — 2026

Enterno.io Editorial Team

How to Enable HTTP/2 on Your Site

By Anatoly Oshmanovsky · Updated Apr 17, 2026

Key idea:

HTTP/2 is a binary multiplexed protocol that speeds up 10-30% of sites with no code changes. Requirements: HTTPS (mandatory), nginx ≥ 1.9.5, Apache ≥ 2.4.17 with mod_http2, OpenSSL ≥ 1.0.2 with ALPN. Enable with one config line. For Cloudflare/CDN it is already on.

Below: step-by-step, working examples, common pitfalls, FAQ.

Try it now — free →

Step-by-Step Setup

Check versions: nginx -V (≥ 1.9.5), openssl version (≥ 1.0.2 for ALPN)
In nginx replace listen 443 ssl; with listen 443 ssl http2;
Apache: a2enmod http2 + add Protocols h2 http/1.1 to vhost
Syntax check: nginx -t / apachectl configtest
Reload: systemctl reload nginx / systemctl reload apache2
Verify via Enterno SSL/TLS Checker — ALPN will show h2
Or in shell: curl -I --http2 https://example.com

Working Examples

Scenario	Config / Record
nginx minimal	`server { listen 443 ssl http2; server_name example.com; ssl_certificate /path/fullchain.pem; ssl_certificate_key /path/privkey.pem; }`
Apache 2.4.17+	`Protocols h2 http/1.1 (inside <VirtualHost *:443>)`
Cloudflare	`Dashboard → Network → HTTP/2 = ON (default)`
HTTP/2 Push (deprecated)	`Chrome 106+ removed Server Push. Use <code>103 Early Hints</code> instead.`

Common Pitfalls

HTTP/2 works ONLY over HTTPS — browsers do not support HTTP/2 cleartext
OpenSSL older than 1.0.2 (CentOS 6, Ubuntu 14.04) lacks ALPN → HTTP/2 unavailable
Apache prefork MPM is incompatible with mod_http2 — switch to event MPM
HTTP/1.1 browser connection pooling can be faster for some workloads — always measure

CertificateExpiry, issuer, domains (SAN)

ChainIntermediate and root CA validation

TLS ProtocolTLS version and cipher suite

VulnerabilitiesHeartbleed, POODLE, weak ciphers

Why teams trust us

TLS 1.3

supported

Full

CA chain check

<2s

result

30/14/7

days-to-expiry alerts

How it works

Enter domain

TLS chain verified

Expiry date & vulnerabilities

What Does the SSL Check Cover?

SSL/TLS is the encryption protocol that protects data between the browser and server. Our tool analyzes the certificate, chain of trust, TLS version, and knownvulnerabilities.

Certificate Details

Issuer, validity period, signature algorithm, covered domains (SAN), and validation type (DV/OV/EV).

Chain of Trust

Full chain verification: from leaf certificate through intermediates to root CA.

TLS Analysis

Protocol version (TLS 1.2/1.3), cipher suites, Perfect Forward Secrecy (PFS) support.

Expiry Alerts

Set up a monitor — get Telegram and email alerts 30/14/7 days before expiration.

DV vs OV vs EV Certificates

DV (Domain Validation)

Confirms domain ownership only
Issued in minutes automatically
Free via Let's Encrypt
Suitable for most websites
Most common certificate type

OV / EV

Organization (OV) or Extended Validation (EV)
Issued in 1-5 business days
Costs $50 to $500/year
For finance, e-commerce, government sites
Increases user trust

Who uses this

DevOps

SSL certificate monitoring

Security

TLS config audit

SEO

HTTPS as ranking factor

E-commerce

customer trust

Common Mistakes

❌

Expired certificateBrowsers block sites with expired SSL. Set up auto-renewal or monitoring.

❌

Incomplete certificate chainWithout intermediate CA, some browsers and bots cannot verify the certificate.

❌

Mixed content on HTTPS siteHTTP resources on an HTTPS page — the browser lock icon disappears, reducing trust.

❌

Using TLS 1.0/1.1Legacy TLS versions have known vulnerabilities. Use TLS 1.2+ or 1.3.

❌

Domain mismatch in certificateThe certificate must cover all site domains, including www and subdomains.

Best Practices

✓

Set up auto-renewalLet's Encrypt + certbot with cron — certificate renews automatically every 60-90 days.

✓

Enable HSTSStrict-Transport-Security header forces browsers to always use HTTPS.

✓

Use TLS 1.3TLS 1.3 is faster (1-RTT handshake) and safer — legacy ciphers removed.

✓

Monitor expiration datesCreate a monitor on Enterno.io — get notified well before expiration.

✓

Verify chain after renewalAfter certificate renewal, confirm that intermediate certificates are installed.

Get more with a free account

SSL certificate monitoring, check history and alerts 30 days before expiry.

Learn more

How-to

Glossary

Research

TLS Cipher Suites 2026: Distribution Report

Errors

Alternatives

Frequently Asked Questions

Is HTTP/2 always faster than HTTP/1.1?

No. On sites with a single large JS bundle the difference is tiny. On sites with many resources (CSS + many images + fonts) HTTP/2 yields a 10-30% gain from multiplexing.

Do I need to change code?

No. HTTP/2 is a transport change, the API is identical. Just drop legacy optimisations (domain sharding, inline critical CSS blocks) — they hurt HTTP/2.

Is HTTP/3 ready?

Yes, with nginx 1.25 (March 2023) stable. Or via Cloudflare automatically. Biggest gains on mobile networks. See our <a href="/en/s/research-http3-quic-adoption-2026">HTTP/3 adoption research</a>.

How do I verify HTTP/2 actually works?

<a href="/en/ssl">Enterno SSL Checker</a> or <code>curl -I --http2 https://site.com</code> — the response must include <code>HTTP/2 200</code>.