Skip to content

How to Enable HTTP/2 on Your Site

Key idea:

HTTP/2 is a binary multiplexed protocol that speeds up 10-30% of sites with no code changes. Requirements: HTTPS (mandatory), nginx ≥ 1.9.5, Apache ≥ 2.4.17 with mod_http2, OpenSSL ≥ 1.0.2 with ALPN. Enable with one config line. For Cloudflare/CDN it is already on.

Below: step-by-step, working examples, common pitfalls, FAQ.

Check your site's SSL →

Step-by-Step Setup

  1. Check versions: nginx -V (≥ 1.9.5), openssl version (≥ 1.0.2 for ALPN)
  2. In nginx replace listen 443 ssl; with listen 443 ssl http2;
  3. Apache: a2enmod http2 + add Protocols h2 http/1.1 to vhost
  4. Syntax check: nginx -t / apachectl configtest
  5. Reload: systemctl reload nginx / systemctl reload apache2
  6. Verify via Enterno SSL/TLS Checker — ALPN will show h2
  7. Or in shell: curl -I --http2 https://example.com

Working Examples

ScenarioConfig / Record
nginx minimalserver { listen 443 ssl http2; server_name example.com; ssl_certificate /path/fullchain.pem; ssl_certificate_key /path/privkey.pem; }
Apache 2.4.17+Protocols h2 http/1.1 (inside <VirtualHost *:443>)
CloudflareDashboard → Network → HTTP/2 = ON (default)
HTTP/2 Push (deprecated)Chrome 106+ removed Server Push. Use <code>103 Early Hints</code> instead.

Common Pitfalls

  • HTTP/2 works ONLY over HTTPS — browsers do not support HTTP/2 cleartext
  • OpenSSL older than 1.0.2 (CentOS 6, Ubuntu 14.04) lacks ALPN → HTTP/2 unavailable
  • Apache prefork MPM is incompatible with mod_http2 — switch to event MPM
  • HTTP/1.1 browser connection pooling can be faster for some workloads — always measure

TL;DR

To enable HTTP/2 in Nginx and Apache, you need to ensure your server supports it and then modify the configuration files. For Nginx, use the directive http2 in your server block. For Apache, enable the mod_http2 module and add Protocols h2 http/1.1 to your VirtualHost. Don't forget to ensure you are using SSL, as HTTP/2 requires HTTPS.

Enabling HTTP/2 in Nginx

To enable HTTP/2 in Nginx, follow these steps:

  1. Check Nginx Version: Ensure you are running Nginx version 1.9.5 or higher, as HTTP/2 support was introduced in this version. You can check your version using the command:
nginx -v
  1. Update Configuration: Open your Nginx configuration file, typically located at /etc/nginx/nginx.conf or within the /etc/nginx/sites-available/ directory for site-specific configurations. In the server block where you have SSL enabled, modify the listen directive to include http2:
server {
    listen 443 ssl http2;
    server_name example.com;

    ssl_certificate /path/to/certificate.crt;
    ssl_certificate_key /path/to/privatekey.key;

    location / {
        # Your location settings
    }
}
  1. Test Configuration: Before applying changes, test the Nginx configuration for any syntax errors:
nginx -t
  1. Restart Nginx: If the test is successful, restart Nginx to apply the new configuration:
systemctl restart nginx
  1. Verify HTTP/2: You can verify if HTTP/2 is enabled using online tools or by inspecting the response headers with cURL:
curl -I -s --http2 https://example.com | grep HTTP/2

If you see HTTP/2 200, HTTP/2 is successfully enabled.

Enabling HTTP/2 in Apache

To enable HTTP/2 in Apache, follow these detailed steps:

  1. Check Apache Version: You need Apache version 2.4.17 or higher. Check your version with:
apache2 -v
  1. Enable Required Modules: Ensure the mod_http2 module is enabled. You can enable it using the following command:
a2enmod http2
  1. Update VirtualHost Configuration: Edit your Apache configuration file (typically in /etc/httpd/conf/httpd.conf or /etc/apache2/sites-available/ for site-specific configurations). Add the following lines to your VirtualHost section that uses SSL:
<VirtualHost *:443>
    ServerName example.com
    DocumentRoot /var/www/html

    SSLEngine on
    SSLCertificateFile /path/to/certificate.crt
    SSLCertificateKeyFile /path/to/privatekey.key

    Protocols h2 http/1.1
</VirtualHost>
  1. Test Configuration: Always test your Apache configuration after making changes:
apachectl configtest
  1. Restart Apache: If the test is successful, restart Apache to apply the changes:
systemctl restart apache2
  1. Verify HTTP/2: Similar to Nginx, verify HTTP/2 is working using cURL:
curl -I -s --http2 https://example.com | grep HTTP/2

Seeing HTTP/2 200 confirms that HTTP/2 is enabled on your Apache server.

CertificateExpiry, issuer, domains (SAN)
ChainIntermediate and root CA validation
TLS ProtocolTLS version and cipher suite
VulnerabilitiesHeartbleed, POODLE, weak ciphers

Why teams trust us

TLS 1.3
supported
Full
CA chain check
<2s
result
30/14/7
days-to-expiry alerts

How it works

1

Enter domain

2

TLS chain verified

3

Expiry date & vulnerabilities

What Does the SSL Check Cover?

SSL/TLS is the encryption protocol that protects data between the browser and server. Our tool analyzes the certificate, chain of trust, TLS version, and knownvulnerabilities.

Certificate Details

Issuer, validity period, signature algorithm, covered domains (SAN), and validation type (DV/OV/EV).

Chain of Trust

Full chain verification: from leaf certificate through intermediates to root CA.

TLS Analysis

Protocol version (TLS 1.2/1.3), cipher suites, Perfect Forward Secrecy (PFS) support.

Expiry Alerts

Set up a monitor — get Telegram and email alerts 30/14/7 days before expiration.

DV vs OV vs EV Certificates

DV (Domain Validation)
  • Confirms domain ownership only
  • Issued in minutes automatically
  • Free via Let's Encrypt
  • Suitable for most websites
  • Most common certificate type
OV / EV
  • Organization (OV) or Extended Validation (EV)
  • Issued in 1-5 business days
  • Costs $50 to $500/year
  • For finance, e-commerce, government sites
  • Increases user trust

Who uses this

DevOps

SSL certificate monitoring

Security

TLS config audit

SEO

HTTPS as ranking factor

E-commerce

customer trust

Common Mistakes

Expired certificateBrowsers block sites with expired SSL. Set up auto-renewal or monitoring.
Incomplete certificate chainWithout intermediate CA, some browsers and bots cannot verify the certificate.
Mixed content on HTTPS siteHTTP resources on an HTTPS page — the browser lock icon disappears, reducing trust.
Using TLS 1.0/1.1Legacy TLS versions have known vulnerabilities. Use TLS 1.2+ or 1.3.
Domain mismatch in certificateThe certificate must cover all site domains, including www and subdomains.

Best Practices

Set up auto-renewalLet's Encrypt + certbot with cron — certificate renews automatically every 60-90 days.
Enable HSTSStrict-Transport-Security header forces browsers to always use HTTPS.
Use TLS 1.3TLS 1.3 is faster (1-RTT handshake) and safer — legacy ciphers removed.
Monitor expiration datesCreate a monitor on Enterno.io — get notified well before expiration.
Verify chain after renewalAfter certificate renewal, confirm that intermediate certificates are installed.

Get more with a free account

SSL certificate monitoring, check history and alerts 30 days before expiry.

Sign up free

Learn more

Frequently Asked Questions

Is HTTP/2 always faster than HTTP/1.1?

No. On sites with a single large JS bundle the difference is tiny. On sites with many resources (CSS + many images + fonts) HTTP/2 yields a 10-30% gain from multiplexing.

Do I need to change code?

No. HTTP/2 is a transport change, the API is identical. Just drop legacy optimisations (domain sharding, inline critical CSS blocks) — they hurt HTTP/2.

Is HTTP/3 ready?

Yes, with nginx 1.25 (March 2023) stable. Or via Cloudflare automatically. Biggest gains on mobile networks. See our <a href="/en/s/research-http3-quic-adoption-2026">HTTP/3 adoption research</a>.

How do I verify HTTP/2 actually works?

<a href="/en/ssl">Enterno SSL Checker</a> or <code>curl -I --http2 https://site.com</code> — the response must include <code>HTTP/2 200</code>.

Try the live tool that powered this guide

Free plan — 10 monitors, checks every 5 min, no card required. Upgrade for 1-minute interval and multi-region monitoring.