VIPHOSTPEStrong HTTPS on VPS — TLS Ciphers, HSTS & Renewal
Recommended setup
- Enable modern TLS ciphers and TLSv1.3.
- Use HSTS to enforce HTTPS; include subdomains carefully.
- OCSP stapling for faster certificate checks.
- Automatic renewal with Certbot or acme client.
Test & monitor
Use SSL Labs test; monitor expiry and renewal logs. Redirect all HTTP to HTTPS.