diff --git a/core/nginx/conf/nginx.conf b/core/nginx/conf/nginx.conf
index dd2176ca..2dba0130 100644
--- a/core/nginx/conf/nginx.conf
+++ b/core/nginx/conf/nginx.conf
@@ -98,6 +98,7 @@ http {
       set $webdav {{ WEBDAV_ADDRESS }}:5232;
       {% endif %}
       client_max_body_size {{ MESSAGE_SIZE_LIMIT|int + 8388608 }};
+      http2 on;
 
       # Listen on HTTP only in kubernetes or behind reverse proxy
       {% if TLS_FLAVOR in [ 'mail-letsencrypt', 'notls', 'mail' ] %}
@@ -112,7 +113,6 @@ http {
       listen 443 ssl{% if PROXY_PROTOCOL_443 %} proxy_protocol{% endif %};
 {% if SUBNET6 %}
       listen [::]:443 ssl{% if PROXY_PROTOCOL_443 %} proxy_protocol{% endif %};
-      http2 on;
 {% endif %}
 
       include /etc/nginx/tls.conf;
diff --git a/towncrier/newsfragments/3613.bugfix b/towncrier/newsfragments/3613.bugfix
new file mode 100644
index 00000000..0618c857
--- /dev/null
+++ b/towncrier/newsfragments/3613.bugfix
@@ -0,0 +1 @@
+HTTP/2 does not require ipv6; in fact it does not require SSL certs either