diff --git a/install_httpd-2.4.sh b/install_httpd-2.4.sh index d59cb6a..1c1a9a7 100755 --- a/install_httpd-2.4.sh +++ b/install_httpd-2.4.sh @@ -39,12 +39,6 @@ else _PHP_VERSION=7.4.33 fi -#_SSL_Cipher_Suite='ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-CCM8:ECDHE-ECDSA-AES256-CCM:ECDHE-ECDSA-ARIA256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-CCM8:ECDHE-ECDSA-AES128-CCM:ECDHE-ECDSA-ARIA128-GCM-SHA256' - -# see: https://ssl-config.mozilla.org -# -_SSL_Cipher_Suite='ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384' - ## - Determin IP-Adresses ## - @@ -109,6 +103,19 @@ DIRECTORY_INDEX="index.html index.htm index.php" MUTEX_DIR="${APACHE_LOG_DIR}/ssl_mutex" + +#_SSL_Cipher_Suite='ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-CCM8:ECDHE-ECDSA-AES256-CCM:ECDHE-ECDSA-ARIA256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-CCM8:ECDHE-ECDSA-AES128-CCM:ECDHE-ECDSA-ARIA128-GCM-SHA256' + +# see: https://ssl-config.mozilla.org +# +_SSL_Cipher_Suite='ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384' + +_SSL_HONOR_CIPHER_ORDER="off" +_SSL_COMPRESSION="off" +_SSL_SESSION_TICKETS="off" +_SSL_USE_STAPLING="on" +_SSL_STAPLING_CACHE="shmcb:${APACHE_LOG_DIR}/ssl_stapling(32768)" + _BASE_WEBSPACE_DIR="/var/www" #_GLOBAL_DOC_ROOT="${_BASE_WEBSPACE_DIR}/default" #_SUEXEC_DOC_ROOT=$_BASE_WEBSPACE_DIR 
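Review bot: `_SSL_HONOR_CIPHER_ORDER="off"` is safe only because every suite in the adjacent `_SSL_Cipher_Suite` value is a forward-secret AEAD suite; once the server no longer enforces its own order, anything later appended to that list becomes selectable by the client. A comment at the assignment keeps the two coupled: `# "off" is only safe while _SSL_Cipher_Suite holds nothing but ECDHE/DHE AEAD suites (Mozilla intermediate); set to "on" if weaker ciphers are ever added`. The `DHE-RSA-*` entries additionally rely on httpd negotiating >=2048-bit DH parameters, which 2.4.7+ does by default; if a custom `SSLOpenSSLConfCmd DHParameters` file is used elsewhere in the install, its size is worth checking. The surrounding variable block starts before the hunk.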
@@ -2454,22 +2461,22 @@ EOF echo_skipped fi -# ## - Set SSLCipherSuite -# ## - -# echo "" >> ${_logdir}/main.log -# echo "## - $_file: Set SSLCipherSuite.." >> ${_logdir}/main.log -# echo "## -" >> ${_logdir}/main.log -# echo "sed -i$_backup_suffix -r -e \"s&^(([ ^t]*SSLCipherSuite ).*)$&## \1\n\2${_SSL_Cipher_Suite}&g\" ${PREFIX}/${_rel_confextra_path}/${_file}" >> ${_logdir}/main.log -# echononl "\t$_file: Set SSLCipherSuite.." -# sed -i$_backup_suffix -r \ -# -e "s&^(([ ^t]*SSLCipherSuite ).*)$&## \1\n\2${_SSL_Cipher_Suite}&g" \ -# ${PREFIX}/${_rel_confextra_path}/${_file} >> ${_logdir}/main.log 2>&1 -# if [ "0" = $? ]; then -# echo_ok -# rm ${PREFIX}/${_rel_confextra_path}/${_file}$_backup_suffix -# else -# echo_failed -# fi + ## - Set SSLCipherSuite + ## - + echo "" >> ${_logdir}/main.log + echo "## - $_file: Set SSLCipherSuite.." >> ${_logdir}/main.log + echo "## -" >> ${_logdir}/main.log + echo "sed -i$_backup_suffix -r -e \"s&^(([ ^t]*SSLCipherSuite ).*)$&## \1\n\2${_SSL_Cipher_Suite}&g\" ${PREFIX}/${_rel_confextra_path}/${_file}" >> ${_logdir}/main.log + echononl "\t$_file: Set SSLCipherSuite.." + sed -i$_backup_suffix -r \ + -e "s&^(([ ^t]*SSLCipherSuite ).*)$&## \1\n\2${_SSL_Cipher_Suite}&g" \ + ${PREFIX}/${_rel_confextra_path}/${_file} >> ${_logdir}/main.log 2>&1 + if [ "0" = $? ]; then + echo_ok + rm ${PREFIX}/${_rel_confextra_path}/${_file}$_backup_suffix + else + echo_failed + fi ## - Set SSLCertificateFile 
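Review bot: The `echo_ok` branch in the re-enabled `SSLCipherSuite` stanza keys on sed's exit status, which is 0 even when no `SSLCipherSuite` line matched, so a shipped httpd-ssl.conf whose directive is indented or renamed would keep its stock cipher list while the installer reports success. Checking for the new value is a one-line replacement for the status test: `if grep -q -F -- "SSLCipherSuite ${_SSL_Cipher_Suite}" "${PREFIX}/${_rel_confextra_path}/${_file}"; then`. The `&`-delimited expression is safe for the current value only because `_SSL_Cipher_Suite` contains no `&` or `\`; a comment saying so at the variable would stop a future edit from breaking the substitution silently. The enclosing block continues on both sides of the hunk.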
@@ -2490,22 +2497,22 @@ EOF fi -# ## - Set SSLProxyCipherSuite -# ## - -# echo "" >> ${_logdir}/main.log -# echo "## - $_file: Set SSLProxyCipherSuite.." >> ${_logdir}/main.log -# echo "## -" >> ${_logdir}/main.log -# echo "sed -i$_backup_suffix -r -e \"s&^(([ ^t]*SSLProxyCipherSuite ).*)$&## \1\n\2${_SSL_Cipher_Suite}&g\" ${PREFIX}/${_rel_confextra_path}/${_file}" >> ${_logdir}/main.log -# echononl "\t$_file: Set SSLProxyCipherSuite.." -# sed -i$_backup_suffix -r \ -# -e "s&^(([ ^t]*SSLProxyCipherSuite ).*)$&## \1\n\2${_SSL_Cipher_Suite}&g" \ -# ${PREFIX}/${_rel_confextra_path}/${_file} >> ${_logdir}/main.log 2>&1 -# if [ "0" = $? ]; then -# echo_ok -# rm ${PREFIX}/${_rel_confextra_path}/${_file}$_backup_suffix -# else -# echo_failed -# fi + ## - Set SSLProxyCipherSuite + ## - + echo "" >> ${_logdir}/main.log + echo "## - $_file: Set SSLProxyCipherSuite.." >> ${_logdir}/main.log + echo "## -" >> ${_logdir}/main.log + echo "sed -i$_backup_suffix -r -e \"s&^(([ ^t]*SSLProxyCipherSuite ).*)$&## \1\n\2${_SSL_Cipher_Suite}&g\" ${PREFIX}/${_rel_confextra_path}/${_file}" >> ${_logdir}/main.log + echononl "\t$_file: Set SSLProxyCipherSuite.." + sed -i$_backup_suffix -r \ + -e "s&^(([ ^t]*SSLProxyCipherSuite ).*)$&## \1\n\2${_SSL_Cipher_Suite}&g" \ + ${PREFIX}/${_rel_confextra_path}/${_file} >> ${_logdir}/main.log 2>&1 + if [ "0" = $? ]; then + echo_ok + rm ${PREFIX}/${_rel_confextra_path}/${_file}$_backup_suffix + else + echo_failed + fi ## - Set SSLProtocol 
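Review bot: The bracket expression `[ ^t]*` in the re-enabled `SSLProxyCipherSuite` pattern (and the identical `SSLCipherSuite` one) matches a space, a literal `^` or a literal `t`, never a tab, because a caret is only special in the first position of `[...]`. It presumably works because the directive is unindented in the shipped config, but a tab-indented line would be skipped with `echo_ok` still printed; `[[:blank:]]*` is the portable fix: `-e "s&^(([[:blank:]]*SSLProxyCipherSuite ).*)$&## \1\n\2${_SSL_Cipher_Suite}&g" \`. Note that `SSLProxyCipherSuite` governs httpd's outbound TLS as a proxy client, so a backend that offers only non-AEAD suites will now fail to connect rather than downgrade, which is the right default but worth a line in the log message. The enclosing block continues outside the hunk.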
@@ -2545,13 +2552,16 @@ EOF ## - Set SSLHonorCipherOrder ## - + _key="SSLHonorCipherOrder" + _val="${_SSL_HONOR_CIPHER_ORDER}" + echo "" >> ${_logdir}/main.log - echo "## - $_file: Set SSLHonorCipherOrder.." >> ${_logdir}/main.log + echo "## - $_file: Set ${_key}.." >> ${_logdir}/main.log echo "## -" >> ${_logdir}/main.log - echo "sed -i$_backup_suffix -r -e \"s&^(([ ^t]*#*[ ^t]*SSLHonorCipherOrder ).*)$&##\1\nSSLHonorCipherOrder on&g\" ${PREFIX}/${_rel_confextra_path}/${_file}" >> ${_logdir}/main.log - echononl "\t$_file: Set SSLHonorCipherOrder.." + echo "sed -i$_backup_suffix -r -e \"s&^(([ ^t]*#*[ ^t]*${_key} ).*)$&##\1\n${_key} ${_val}&g\" ${PREFIX}/${_rel_confextra_path}/${_file}" >> ${_logdir}/main.log + echononl "\t$_file: Set ${_key}.." sed -i$_backup_suffix -r \ - -e "s&^(([ ^t]*#*[ ^t]*SSLHonorCipherOrder ).*)$&##\1\nSSLHonorCipherOrder on&g" \ + -e "s&^(([ ^t]*#*[ ^t]*${_key} ).*)$&##\1\n${_key} ${_val}&g" \ ${PREFIX}/${_rel_confextra_path}/${_file} >> ${_logdir}/main.log 2>&1 if [ "0" = $? ]; then echo_ok 
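Review bot: `${_val}` goes into the config unvalidated, so an empty or mistyped `_SSL_HONOR_CIPHER_ORDER` yields a bare or invalid `SSLHonorCipherOrder` directive that httpd rejects at start-up, and every later `_key`/`_val` stanza copies this shape. A one-line assertion after the assignment surfaces that in the installer instead of at `apachectl` time: `: "${_val:?${_key} has no value}"`. The `#*` in the new pattern also means a commented-out `#SSLHonorCipherOrder` line is resurrected as an active directive, which is intended for the shipped file but is worth stating in the stanza comment. The enclosing block continues outside the hunk.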
@@ -2560,24 +2570,101 @@ EOF echo_failed fi + ## - Set SSLUseStapling + ## - + _key="SSLUseStapling" + _val="${_SSL_USE_STAPLING}" + + echo "" >> ${_logdir}/main.log + echo "## - $_file: Set ${_key}.." >> ${_logdir}/main.log + echo "## -" >> ${_logdir}/main.log + echo "sed -i$_backup_suffix -r -e \"s&^(([ ^t]*#*[ ^t]*${_key} ).*)$&##\1\n${_key} ${_val}&g\" ${PREFIX}/${_rel_confextra_path}/${_file}" >> ${_logdir}/main.log + echononl "\t$_file: Set ${_key}.." + sed -i$_backup_suffix -r \ + -e "s&^(([ ^t]*#*[ ^t]*${_key} ).*)$&##\1\n${_key} ${_val}&g" \ + ${PREFIX}/${_rel_confextra_path}/${_file} >> ${_logdir}/main.log 2>&1 + if [ "0" = $? ]; then + echo_ok + rm ${PREFIX}/${_rel_confextra_path}/${_file}$_backup_suffix + else + echo_failed + fi + + ## - Set SSLUseStapling + ## - + _key="SSLStaplingCache" + _val="${_SSL_STAPLING_CACHE}" + + echo "" >> ${_logdir}/main.log + echo "## - $_file: Set ${_key}.." >> ${_logdir}/main.log + echo "## -" >> ${_logdir}/main.log + echo "sed -i$_backup_suffix -r -e \"s&^(([ ^t]*#*[ ^t]*${_key} ).*)$&##\1\n${_key} ${_val}&g\" ${PREFIX}/${_rel_confextra_path}/${_file}" >> ${_logdir}/main.log + echononl "\t$_file: Set ${_key}.." + sed -i$_backup_suffix -r \ + -e "s&^(([ ^t]*#*[ ^t]*${_key} ).*)$&##\1\n${_key} ${_val}&g" \ + ${PREFIX}/${_rel_confextra_path}/${_file} >> ${_logdir}/main.log 2>&1 + if [ "0" = $? ]; then + echo_ok + rm ${PREFIX}/${_rel_confextra_path}/${_file}$_backup_suffix + else + echo_failed + fi + + ## - Set SSLSessionTickets + ## - + _key="SSLSessionTickets" + _val="${_SSL_SESSION_TICKETS}" + + echo "" >> ${_logdir}/main.log + echo "## - $_file: Set ${_key}.." >> ${_logdir}/main.log + echo "## -" >> ${_logdir}/main.log + + echononl "\t$_file: Set ${_key}.." 
+ if $(grep -i -q -E "^\s*#?\s*${_key}" ${PREFIX}/${_rel_confextra_path}/${_file} 2>> ${_logdir}/main.log) ; then + + echo "sed -i$_backup_suffix -r -e \"s&^(([ ^t]*#*[ ^t]*${_key} ).*)$&##\1\n${_key} ${_val}&g\" ${PREFIX}/${_rel_confextra_path}/${_file}" >> ${_logdir}/main.log + sed -i$_backup_suffix -r \ + -e "s&^(([ ^t]*#*[ ^t]*${_key} ).*)$&##\1\n${_key} ${_val}&g" \ + ${PREFIX}/${_rel_confextra_path}/${_file} >> ${_logdir}/main.log 2>&1 + if [ "0" = $? ]; then + echo_ok + rm ${PREFIX}/${_rel_confextra_path}/${_file}$_backup_suffix + else + echo_failed + fi + else + echo "sed -i$_backup_suffix -r -e \"s&^([ ^t]*#*[ ^t]*SSLHonorCipherOrder.*)&\1\n${_key} ${_val}&g\" ${PREFIX}/${_rel_confextra_path}/${_file}" >> ${_logdir}/main.log + sed -i$_backup_suffix -r \ + -e "s&^([ ^t]*SSLHonorCipherOrder .*)$&\1\n${_key} ${_val}&g" \ + ${PREFIX}/${_rel_confextra_path}/${_file} >> ${_logdir}/main.log 2>&1 + if [ "0" = $? ]; then + echo_ok + rm ${PREFIX}/${_rel_confextra_path}/${_file}$_backup_suffix + else + echo_failed + fi + fi + ## - Set SSLCompression ## - + _key="SSLCompression" + _val="${_SSL_COMPRESSION}" ssl_compression_comment="# SSLCompression # # Note: # Enabling compression causes security issues in most setups (the so called CRIME attack)." echo "" >> ${_logdir}/main.log - echo "## - $_file: Set SSLCompression.." >> ${_logdir}/main.log + echo "## - $_file: Set ${_key}.." >> ${_logdir}/main.log echo "## -" >> ${_logdir}/main.log cat <> ${_logdir}/main.log perl -i$_backup_suffix -n -p \\ - -e "s&^(\s*SSLHonorCipherOrder\s+.*)&\1\n\n${ssl_compression_comment}\nSSLCompression off&" \\ + -e "s&^(\s*${_key}Order\s+.*)&\1\n\n${ssl_compression_comment}\n${_key} ${_val}&" \\ ${PREFIX}/${_rel_confextra_path}/${_file} EOF - echononl "\t$_file: Set SSLCompression.." + echononl "\t$_file: Set ${_key}.." 
perl -i$_backup_suffix -n -p \ - -e "s&^(\s*SSLHonorCipherOrder\s+.*)&\1\n\n${ssl_compression_comment}\nSSLCompression off&" \ + -e "s&^(\s*SSLHonorCipherOrder\s+.*)&\1\n\n${ssl_compression_comment}\n${_key} ${_val}&" \ ${PREFIX}/${_rel_confextra_path}/${_file} >> ${_logdir}/main.log 2>&1 if [ "0" = $? ]; then echo_ok @@ -4030,8 +4117,11 @@ $_vhost_default_80 RewriteEngine On RewriteCond %{HTTP_HOST} ^autoconfig\. [NC] RewriteRule ^/(.*) http://autoconfig.${_DOMAIN}.${_TLD}/\$1 [L,R=301,NE] - #RewriteCond %{HTTP_HOST} !^autoconfig\. [NC] - #RewriteRule ^/(.*) http://www.${_DOMAIN}.${_TLD} [L,R=301,NE] + + RewriteCond %{HTTP_HOST} !^autoconfig\. [NC] + RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/ + RewriteCond %{HTTPS} !=on + RewriteRule (.*) https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L] DocumentRoot "$GLOBAL_DOC_ROOT" @@ -4141,9 +4231,10 @@ $_vhost_default_443 SSLEngine on ## - don't support weak ciphers - SSLHonorCipherOrder On + SSLHonorCipherOrder Off + SSLSessionTickets Off SSLCompression Off - SSLProtocol ALL -SSLv2 -SSLv3 + SSLProtocol ALL -SSLv3 -TLSv1 -TLSv1.1 SSLCertificateFile /usr/local/apache2/conf/server-bundle.crt SSLCertificateKeyFile /usr/local/apache2/conf/server.key
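Review bot: `SSLUseStapling on` is written without `SSLStaplingReturnResponderErrors off`, so with mod_ssl's default of `on` any OCSP responder outage or non-"good" answer is stapled into the handshake and may be treated by clients as a certificate failure instead of being dropped; a stanza for it, or `SSLStaplingReturnResponderErrors off` appended after the cache line, avoids a self-inflicted outage. Two smaller things in the same hunk: the second stanza's header reads `## - Set SSLUseStapling` but sets `SSLStaplingCache`, and `if $(grep -i -q -E ...)` only works because bash reports the last command substitution's status for an empty command — `if grep -i -q -E "^\s*#?\s*${_key}" "${PREFIX}/${_rel_confextra_path}/${_file}" 2>> ${_logdir}/main.log; then` says what is meant. The logged perl for `SSLCompression` now prints `${_key}Order`, i.e. `SSLCompressionOrder`, while the command actually run still anchors on `SSLHonorCipherOrder`, so main.log misrepresents what was executed. The stanza sequence continues outside the hunk.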
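Review bot: The new port-80 redirect builds its target from `%{SERVER_NAME}`, which under httpd's default `UseCanonicalName Off` is taken from the client's Host header, so what appears to be the default vhost echoes whatever host a client, or a cache in front of it, supplies into a 301 Location. If the intent is to send everything to the canonical site, `UseCanonicalName On` in this vhost pins `SERVER_NAME` to the configured `ServerName`; if per-host redirects are intended, the reflection is inherent and deserves a comment such as `# redirect preserves the requested host; relies on UseCanonicalName Off`. `RewriteCond %{HTTPS} !=on` is redundant in a plain-HTTP vhost but harmless, and the acme-challenge exemption is the right call for HTTP-01 renewals. The vhost heredoc continues outside the hunk.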
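Review bot: The 443 template now forces TLS 1.2+ and the port-80 vhost redirects to it, but nothing in this hunk sets `Strict-Transport-Security`, so a first visit over HTTP remains downgradable; with mod_headers loaded, `Header always set Strict-Transport-Security "max-age=63072000"` next to `SSLEngine on` closes that (start with a short max-age until the redirect is known to hold for every host). The comment `## - don't support weak ciphers` now sits above `SSLHonorCipherOrder Off`, which restricts nothing; the restriction presumably comes from the global `SSLCipherSuite` and the protocol line, so `## - TLS 1.2+ only; cipher list inherited from httpd-ssl.conf, client order is acceptable with an all-AEAD list` is more accurate. `SSLSessionTickets Off` is the right choice for forward secrecy on a server that does not rotate ticket keys. The vhost heredoc continues outside the hunk.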