diff --git a/config/setup/tls.go b/config/setup/tls.go
index 8e0b7f03c..785eeb5c5 100644
--- a/config/setup/tls.go
+++ b/config/setup/tls.go
@@ -2,6 +2,7 @@ package setup
 
 import (
 	"crypto/tls"
+	"log"
 	"strings"
 
 	"github.com/mholt/caddy/middleware"
@@ -12,6 +13,12 @@ func TLS(c *Controller) (middleware.Middleware, error) {
 		c.TLS.Enabled = true
 	}
 
+	if c.Port == "http" {
+		c.TLS.Enabled = false
+		log.Printf("Warning: TLS disabled for %s://%s. To force TLS over the plaintext HTTP port, "+
+			"specify port 80 explicitly (https://%s:80).", c.Port, c.Host, c.Host)
+	}
+
 	for c.Next() {
 		args := c.RemainingArgs()
 		switch len(args) {