diff --git a/roles/uptime_kuma/tasks/main.yml b/roles/uptime_kuma/tasks/main.yml
index 1063194..9e1a4d4 100644
--- a/roles/uptime_kuma/tasks/main.yml
+++ b/roles/uptime_kuma/tasks/main.yml
@@ -70,6 +70,12 @@
   become: false
   become_user: "{{ ansible_user }}"
 
+- name: Provision TLS certificate for uptime-kuma
+  ansible.builtin.include_tasks: "{{ role_path }}/../nginx/tasks/certbot.yml"
+  vars:
+    certbot_hostname: "{{ uptime_kuma_nginx_hostname }}"
+  when: uptime_kuma_nginx_enabled
+
 - name: Deploy nginx vhost configuration for uptime-kuma
   ansible.builtin.template:
     src: nginx-vhost.conf.j2
diff --git a/roles/uptime_kuma/templates/nginx-vhost.conf.j2 b/roles/uptime_kuma/templates/nginx-vhost.conf.j2
index 4b5c13e..e0ace55 100644
--- a/roles/uptime_kuma/templates/nginx-vhost.conf.j2
+++ b/roles/uptime_kuma/templates/nginx-vhost.conf.j2
@@ -46,9 +46,10 @@ server {
         # WebSocket support for real-time updates
         proxy_http_version 1.1;
         proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "upgrade";
+        proxy_set_header Connection $http_connection;
 
         # Disable buffering for real-time updates
         proxy_buffering off;
+        proxy_read_timeout 3600s;
     }
 }