Why HTTP/3?
HTTP/3 is a significant improvement in web protocol technology, offering:
- Improved performance on unreliable networks
- Reduced latency through connection migration
- Better multiplexing without head-of-line blocking
- Enhanced mobile performance
- Improved security by default (QUIC is encrypted by design)
Enabling HTTP/3 in Ploi (recommended)
The easiest and safest way to enable HTTP/3 is the 1-click option in Ploi — no manual NGINX changes required. There are a few requirements:
- Your OS must be Ubuntu 24.04 or newer.
- NGINX must be version 1.25 or newer.
- Your server must have been created after May 2024. Servers created before that won't be able to use the automatic HTTP/3 option.
When Ploi detects that your server is supported, it shows an HTTP/3 checkbox you can simply enable:

Do I need a new SSL certificate?
No. You can keep your existing certificate. HTTP/3 uses QUIC, which still relies on TLS 1.3, so any valid SSL/TLS certificate that works for HTTPS works for HTTP/3 too — the requirements are the same as for HTTP/2 and regular HTTPS. Just make sure your certificate is valid (not expired), properly installed and trusted by browsers.
Verifying HTTP/3
Using curl:
curl --http3 https://example.com
Or in Chrome DevTools: open DevTools (F12), go to the Network tab, and look for "h3" in the Protocol column.
Advanced: enabling HTTP/3 manually
Warning: the steps below install NGINX from the official nginx.org repository, which replaces the NGINX that Ploi manages. This can conflict with Ploi's configuration and break your stack — only do this if you understand the consequences and manage NGINX yourself. For almost all users, the 1-click option above is the right choice.
1. Add the NGINX repository:
sudo apt update
sudo apt install curl gnupg2 ca-certificates lsb-release ubuntu-keyring
curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] http://nginx.org/packages/mainline/ubuntu `lsb_release -cs` nginx" | sudo tee /etc/apt/sources.list.d/nginx.list
2. Install NGINX and verify the version (should be 1.25.0 or higher):
sudo apt update
sudo apt install nginx
nginx -v
3. In your site configuration (for example /etc/nginx/conf.d/example.com.conf), enable HTTP/3:
server {
listen 443 ssl http3 reuseport;
listen [::]:443 ssl http3 reuseport;
listen 443 ssl;
listen [::]:443 ssl;
server_name example.com;
ssl_certificate /path/to/cert.pem;
ssl_certificate_key /path/to/key.pem;
# Enable HTTP/3
add_header Alt-Svc 'h3=":443"; ma=86400';
# SSL configuration
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers off;
location / {
root /var/www/html;
index index.html;
}
}
4. Test the configuration and reload NGINX:
sudo nginx -t
sudo systemctl reload nginx
5. Open the firewall port. HTTP/3 runs over UDP on port 443, while most servers only have TCP/443 open. Make sure both are allowed:
- TCP port 443 (regular HTTPS fallback)
- UDP port 443 (HTTP/3 / QUIC)
Troubleshooting
- Check the NGINX error log:
tail -f /var/log/nginx/error.log - Ensure UDP port 443 is open in your firewall.
- Verify NGINX is running:
systemctl status nginx