From 621e43ab57e0429b6ae036123961a27edb5d2855 Mon Sep 17 00:00:00 2001
From: mic0 <mic0@mic0.dev>
Date: Tue, 18 Nov 2025 15:07:21 +0100
Subject: [PATCH] Some fixes and additions

---
 README.md        |  9 ++++++---
 firewall.md      |  2 +-
 nginx-certbot.md | 19 +++++++++++++++++++
 3 files changed, 26 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index a4e94b5..787f66d 100644
--- a/README.md
+++ b/README.md
@@ -1,11 +1,13 @@
 # Guide for systems / infra maintanance and creation
 
-This guide is assuming you are setting up or maintaining an AlmaLinux (9, 10) server.
+This guide encapsulates my experience of wrangling servers and provides good defaults and recipes on how to run shit that wont ever brake down so you can focus on more important things.
+
+It assumes you are setting up or maintaining an AlmaLinux (9, 10) server.
 It guides you from setting up a fresh machine, to installing build dependencies, configuring the firewall, serving and monitoring your apps and lastly protecting them from DDOS.
 
 ## [Setting up a new machine](setup.md)
 
-Prepare a new machine for use with an `admin` user. Lock out everything but to it. 
+Prepare a new machine for use with an `admin` user. Lock out everything but SSH to it. 
 
 ## [Installing aplications and build tools](applications.md)
 
@@ -14,7 +16,8 @@ Set up your apps in `/srv/` partition.
 
 ## [Firewall (opening/checking ports)](firewall.md)
 
-How to open firewall to let outside traffic to your apps.
+How to open firewall to let outside traffic to your apps. How to check and set firewall zones.
+If your service is timing out (nothing gets thru) this is probably the answer.
 
 ## [Running services and logging with systemd](systemd.md)
 
diff --git a/firewall.md b/firewall.md
index 203e210..94344d3 100644
--- a/firewall.md
+++ b/firewall.md
@@ -42,7 +42,7 @@ sudo firewall-cmd --zone=public --list-ports
 Change the default zone to `public` with
 
 ```sh
-sudo firewall-cmd --permanent --zone=public
+sudo firewall-cmd --set-default-zone=public
 ```
 
 Then open the relevant ports and reload the firewall
diff --git a/nginx-certbot.md b/nginx-certbot.md
index b46966c..9fb783d 100644
--- a/nginx-certbot.md
+++ b/nginx-certbot.md
@@ -85,3 +85,22 @@ server {
 }
 
 ```
+
+Test and reload nginx by:
+
+```sh
+# Test configuration
+sudo nginx -t
+# Reload nginx
+sudo systemctl reload nginx
+```
+
+## Deleting Certbot certificates
+
+```sh
+# List your certificates
+sudo certbot certificates
+# Delete by name
+sudo certbot delete --cert-name sub.domain.com
+```
+