diff --git a/docs/configuring-playbook-riot-web.md b/docs/configuring-playbook-riot-web.md
index dc283885b..ff424d0ad 100644
--- a/docs/configuring-playbook-riot-web.md
+++ b/docs/configuring-playbook-riot-web.md
@@ -25,15 +25,10 @@ There are a few options for handling this:
 
 - (**avoiding changes** - using the old `riot.DOMAIN` domain and avoiding DNS changes) -- to keep using `riot.DOMAIN` instead of `element.DOMAIN`, override the domain at which the playbook serves Element: `matrix_server_fqn_element: "riot.{{ matrix_domain }}"`
 
-- (**embracing changes** - using only `element.DOMAIN`) - set up the `element.DOMAIN` DNS record (see [Configuring DNS](configuring-dns.md)). You can drop the `riot.DOMAIN` in this case. If so, you may also wish to remove old SSL certificates (`rm -rf /matrix/ssl/config/live/riot.DOMAIN`) and renewal configuration (`rm -f /matrix/ssl/config/renewal/riot.DOMAIN.conf`), so that `certbot` would stop trying to renew them.
-
-- (**embracing changes and transitioning smoothly** - using both `element.DOMAIN` and `riot.DOMAIN`) - to serve Element at the new domain (`element.DOMAIN`) and to also have `riot.DOMAIN` redirect there - set up the `element.DOMAIN` DNS record (see [Configuring DNS](configuring-dns.md)) and enable Riot to Element redirection (`matrix_nginx_proxy_proxy_riot_compat_redirect_enabled: true`).
+- (**embracing changes** - using only `element.DOMAIN`) - set up the `element.DOMAIN` DNS record (see [Configuring DNS](configuring-dns.md)). You can drop the `riot.DOMAIN` in this case.
 
 
 ### Re-running the playbook
 
-As always, after making the necessary DNS and configuration adjustments, re-run the playbook to apply the changes:
-
-```
-ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
+As always, after making the necessary DNS and configuration adjustments, [re-run the playbook](./installing.md) to apply the changes.
 ```
diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
index 2464a510e..229c8aed2 100755
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -3050,8 +3050,6 @@ matrix_ssl_domains_to_obtain_certificates_for: |
     +
     ([matrix_server_fqn_element] if matrix_client_element_enabled else [])
     +
-    ([matrix_nginx_proxy_proxy_riot_compat_redirect_hostname] if matrix_nginx_proxy_proxy_riot_compat_redirect_enabled else [])
-    +
     ([matrix_server_fqn_hydrogen] if matrix_client_hydrogen_enabled else [])
     +
     ([matrix_server_fqn_cinny] if matrix_client_cinny_enabled else [])
diff --git a/roles/custom/matrix-nginx-proxy/defaults/main.yml b/roles/custom/matrix-nginx-proxy/defaults/main.yml
index 54fed08f0..917151a1f 100644
--- a/roles/custom/matrix-nginx-proxy/defaults/main.yml
+++ b/roles/custom/matrix-nginx-proxy/defaults/main.yml
@@ -117,10 +117,6 @@ matrix_nginx_proxy_container_federation_host_bind_port: '8448'
 # Option to disable the access log
 matrix_nginx_proxy_access_log_enabled: true
 
-# Controls whether proxying the riot domain should be done.
-matrix_nginx_proxy_proxy_riot_compat_redirect_enabled: false
-matrix_nginx_proxy_proxy_riot_compat_redirect_hostname: "riot.{{ matrix_domain }}"
-
 # Controls whether proxying for Synapse should be done.
 matrix_nginx_proxy_proxy_synapse_enabled: false
 matrix_nginx_proxy_proxy_synapse_hostname: "matrix-nginx-proxy"
diff --git a/roles/custom/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml b/roles/custom/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml
index 90e2389a7..3ac058945 100644
--- a/roles/custom/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml
+++ b/roles/custom/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml
@@ -94,13 +94,6 @@
     mode: 0644
   when: matrix_nginx_proxy_proxy_element_enabled | bool
 
-- name: Ensure Matrix nginx-proxy configuration for riot domain exists
-  ansible.builtin.template:
-    src: "{{ role_path }}/templates/nginx/conf.d/matrix-riot-web.conf.j2"
-    dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-riot-web.conf"
-    mode: 0644
-  when: matrix_nginx_proxy_proxy_riot_compat_redirect_enabled | bool
-
 - name: Ensure Matrix nginx-proxy configuration for Hydrogen domain exists
   ansible.builtin.template:
     src: "{{ role_path }}/templates/nginx/conf.d/matrix-client-hydrogen.conf.j2"
@@ -251,12 +244,6 @@
     state: absent
   when: "not matrix_nginx_proxy_proxy_matrix_enabled | bool"
 
-- name: Ensure Matrix nginx-proxy configuration for riot domain deleted
-  ansible.builtin.file:
-    path: "{{ matrix_nginx_proxy_confd_path }}/matrix-riot-web.conf"
-    state: absent
-  when: "not matrix_nginx_proxy_proxy_riot_compat_redirect_enabled | bool"
-
 - name: Ensure Matrix nginx-proxy configuration for Element domain deleted
   ansible.builtin.file:
     path: "{{ matrix_nginx_proxy_confd_path }}/matrix-client-element.conf"
diff --git a/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-riot-web.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-riot-web.conf.j2
deleted file mode 100644
index 990269134..000000000
--- a/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-riot-web.conf.j2
+++ /dev/null
@@ -1,89 +0,0 @@
-#jinja2: lstrip_blocks: "True"
-
-{% macro render_vhost_directives() %}
-	{% if matrix_nginx_proxy_floc_optout_enabled %}
-		add_header Permissions-Policy interest-cohort=() always;
-	{% endif %}
-
-	{% if matrix_nginx_proxy_hsts_preload_enabled %}
-		add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
-	{% else %}
-		add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
-	{% endif %}
-
-	add_header X-XSS-Protection "{{ matrix_nginx_proxy_xss_protection }}";
-
-	{% for configuration_block in matrix_nginx_proxy_proxy_riot_additional_server_configuration_blocks %}
-		{{- configuration_block }}
-	{% endfor %}
-
-	location / {
-		return 301 https://{{ matrix_nginx_proxy_proxy_element_hostname }}$request_uri;
-	}
-{% endmacro %}
-
-server {
-	listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }};
-	listen [::]:{{ 8080 if matrix_nginx_proxy_enabled else 80 }};
-
-
-	server_name {{ matrix_nginx_proxy_proxy_riot_compat_redirect_hostname }};
-
-	server_tokens off;
-	root /dev/null;
-
-	{% if matrix_nginx_proxy_https_enabled %}
-		location /.well-known/acme-challenge {
-			{% if matrix_nginx_proxy_enabled %}
-				{# Use the embedded DNS resolver in Docker containers to discover the service #}
-				resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s;
-				set $backend "matrix-certbot:8080";
-				proxy_pass http://$backend;
-			{% else %}
-				{# Generic configuration for use outside of our container setup #}
-				proxy_pass http://127.0.0.1:{{ matrix_ssl_lets_encrypt_certbot_standalone_http_port }};
-			{% endif %}
-		}
-
-		location / {
-			return 301 https://$http_host$request_uri;
-		}
-	{% else %}
-		{{ render_vhost_directives() }}
-	{% endif %}
-}
-
-{% if matrix_nginx_proxy_https_enabled %}
-server {
-	listen {{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2;
-	listen [::]:{{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2;
-
-	server_name {{ matrix_nginx_proxy_proxy_riot_compat_redirect_hostname }};
-
-	server_tokens off;
-	root /dev/null;
-
-	ssl_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_riot_compat_redirect_hostname }}/fullchain.pem;
-	ssl_certificate_key {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_riot_compat_redirect_hostname }}/privkey.pem;
-
-	ssl_protocols {{ matrix_nginx_proxy_ssl_protocols }};
-	{% if matrix_nginx_proxy_ssl_ciphers != '' %}
-	ssl_ciphers {{ matrix_nginx_proxy_ssl_ciphers }};
-	{% endif %}
-	ssl_prefer_server_ciphers {{ matrix_nginx_proxy_ssl_prefer_server_ciphers }};
-
-	{% if matrix_nginx_proxy_ocsp_stapling_enabled %}
-		ssl_stapling on;
-		ssl_stapling_verify on;
-		ssl_trusted_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_riot_compat_redirect_hostname }}/chain.pem;
-	{% endif %}
-
-	{% if matrix_nginx_proxy_ssl_session_tickets_off %}
-		ssl_session_tickets off;
-	{% endif %}
-	ssl_session_cache {{ matrix_nginx_proxy_ssl_session_cache }};
-	ssl_session_timeout {{ matrix_nginx_proxy_ssl_session_timeout }};
-
-	{{ render_vhost_directives() }}
-}
-{% endif %}
diff --git a/roles/custom/matrix_playbook_migration/tasks/validate_config.yml b/roles/custom/matrix_playbook_migration/tasks/validate_config.yml
index 4720dd6a0..dd818f1fc 100644
--- a/roles/custom/matrix_playbook_migration/tasks/validate_config.yml
+++ b/roles/custom/matrix_playbook_migration/tasks/validate_config.yml
@@ -81,6 +81,8 @@
     - {'old': 'matrix_nginx_proxy_base_domain_hostname', 'new': 'matrix_static_files_container_labels_base_domain_traefik_hostname'}
     - {'old': 'matrix_nginx_proxy_base_domain_homepage_enabled', 'new': 'matrix_static_files_file_index_html_enabled'}
     - {'old': 'matrix_nginx_proxy_base_domain_create_directory', 'new': '<no longer necessary; see matrix_static_files_file_index_html_enabled>'}
+    - {'old': 'matrix_nginx_proxy_proxy_riot_compat_redirect_enabled', 'new': '<redirecting the riot domain to an element domain is no longer supported - you can implement it yourself using matrix_client_element_container_labels_additional_labels>'}
+    - {'old': 'matrix_nginx_proxy_proxy_riot_compat_redirect_hostname', 'new': '<redirecting the riot domain to an element domain is no longer supported - you can implement it yourself using matrix_client_element_container_labels_additional_labels>'}
 
 - name: (Deprecation) Catch and report matrix_postgres variables
   ansible.builtin.fail: