Two more (relatively simple) changes - when you break free of the newbieness - LOL
DNS CAA
ECDSA cert see also: Howto obtain ECDSA cert (in addition to RSA) with certbot?
[you don’t need both - but two is better than one and ECDSA is better than RSA]
In case you haven’t noticed - this is me challenging you…
To be the best that you can be at this 