For the past three years, the author has maintained Mozilla's Server Side TLS guidelines and written security tools to audit and improve HTTPS configurations. This talk is an overview of common mistakes made by services operators when configuring HTTPS, and how to prevent them and make network security stronger. We will also discuss various caveats of the Certificate Authorities ecosystems, mention CA failures like Diginotar and WoSign/StartSSL, and demo tools that can be used to monitor HTTPS configurations.