diff --git a/README.md b/README.md
index 34386a0..da12beb 100644
--- a/README.md
+++ b/README.md
@@ -15,7 +15,7 @@ This image translates between plain http and https using HAProxy. +---+ | +------------+-+ +-------------+ --->+ 80| | | | | | +---+ | +---+ docker nginx | +----+ | - | +----->+ 80| auto proxy +--------> 80| Wordpress | + | SSL Proxy +----->+ 80| auto proxy +--------> 80| Wordpress | +---+ | +---+ | +----+ | --->+443| | | | | | +---+ | +--+---------+-+ +-------------+
diff --git a/haproxy.conf b/haproxy.conf
index 079f2de..c6e3c17 100644
--- a/haproxy.conf
+++ b/haproxy.conf
@@ -23,6 +23,10 @@ defaults
 frontend http
   bind *:80
+
+  # add X-Forwarded-For Header to request
+  http-request add-header X-Forwarded-For %[src]
+  reqadd X-Forwarded-Proto:\ http
   acl letsencrypt-acl path_beg /.well-known/acme-challenge/
   use_backend letsencrypt-backend if letsencrypt-acl
diff --git a/haproxy_ssl.conf b/haproxy_ssl.conf
index 4729d1f..a296c86 100644
--- a/haproxy_ssl.conf
+++ b/haproxy_ssl.conf
@@ -23,17 +23,30 @@ defaults
 frontend http
   bind *:80
+
+  # add X-Forwarded-For Header to request
+  http-request add-header X-Forwarded-For %[src]
+  reqadd X-Forwarded-Proto:\ http
-  acl letsencrypt-acl path_beg /.well-known/acme-challenge/
+  redirect scheme https code 301 if !{ ssl_fc }
+
+  acl letsencrypt-acl path_beg /.well-known/acme-challenge/
   use_backend letsencrypt-backend if letsencrypt-acl
+  default_backend www-backend
 frontend https
   bind *:443 ssl crt /data/haproxy/cert.pem
+
+  # add X-Forwarded-For Header to request
+  http-request add-header X-Forwarded-For %[src]
+  reqadd X-Forwarded-Proto:\ https
+
   acl letsencrypt-acl path_beg /.well-known/acme-challenge/
   use_backend letsencrypt-backend if letsencrypt-acl
+  default_backend www-backend
 backend www-backend
diff --git a/start.py b/start.py
index 84eb9ba..a19db45 100644
--- a/start.py
+++ b/start.py
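Review bot: `http-request add-header X-Forwarded-For %[src]` in the http frontend appends to whatever the client already sent, so a request that arrives with its own X-Forwarded-For (or X-Forwarded-Proto, which `reqadd` appends the same way) reaches the backend carrying two values, and an application that reads the first one sees the client-supplied value instead of the proxy's. The overwriting forms, `http-request set-header X-Forwarded-For %[src]` and `http-request set-header X-Forwarded-Proto http` (or `option forwardfor` for the former), make the backend see only what this proxy decided. `reqadd` is also a legacy keyword that HAProxy dropped in 2.1, so the `http-request set-header` spelling is the one that keeps working on newer images. The same four lines are added twice more in haproxy_ssl.conf and the same change applies there.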
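Review bot: In the http frontend of haproxy_ssl.conf the new `redirect scheme https code 301 if !{ ssl_fc }` is not conditioned on the path, so an ACME HTTP-01 challenge request on port 80 is redirected to 443 before `use_backend letsencrypt-backend if letsencrypt-acl` can route it; if HAProxy evaluates `redirect` rules ahead of backend selection, which I believe it does, the exception placed below the redirect never takes effect on port 80. The redirected challenge then only succeeds while 443 already serves a usable certificate, which is exactly what is missing on first issuance or after an expiry. Defining the acl above the redirect and excluding it, `acl letsencrypt-acl path_beg /.well-known/acme-challenge/` followed by `redirect scheme https code 301 if !{ ssl_fc } !letsencrypt-acl`, keeps the challenge on plain http while everything else is forced to https. The `!{ ssl_fc }` condition is always true on a frontend that only binds `*:80`, so it can be kept for clarity but does not restrict anything.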
@@ -122,12 +122,20 @@ def create_haproxy_cert():
     logging.info('using %s as base dir', youngest_directory)
     # read fullchain.pem and privkey.pem
+    if not os.path.exists(youngest_directory + '/fullchain.pem') or not os.path.exists(youngest_directory + '/privkey.pem'):
+        logging.info('either fullchain.pem or privkey.pem is missing.')
+        return
+
     fullchain = read_file(youngest_directory + '/fullchain.pem')
     privkey = read_file(youngest_directory + '/privkey.pem')
     write_file(cert_file, fullchain + privkey)
     logging.info('file written')
 def create_cert_data_standalone(domains):
+    if len(domains) == 0:
+        logging.info('no domains for SSL found.')
+        return
+
     domains = " -d ".join(domains)
     # we should use tls-sni-01 if ssl is already running!
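Review bot: The new guard in create_haproxy_cert logs the missing `fullchain.pem`/`privkey.pem` at info level and returns, which leaves `cert_file` unwritten without any visible failure, so whatever starts HAProxy afterwards runs with a stale certificate or none; this is an error condition and should be at least `logging.warning('fullchain.pem or privkey.pem missing in %s', youngest_directory)` so the directory that was inspected appears in the log. The `os.path.exists` pre-check is also a check-then-use sequence around the two `read_file` calls; catching `FileNotFoundError` around them covers the same case without repeating the path arithmetic, and `os.path.join(youngest_directory, 'fullchain.pem')` is the idiomatic join. In create_cert_data_standalone, `if len(domains) == 0:` is conventionally `if not domains:`. create_haproxy_cert starts before this hunk and create_cert_data_standalone continues after it.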