Board Pools
Merits 7 from 3 users
Re: [∞ YH] solo.ckpool.org 2% fee solo mining 255 blocks solved!
by frodocooper on 18/05/2020, 05:37:00 UTC
⭐ Merited by DarkStar_ (5), -ck (1), NotATether (1)
Also, may I strongly recommend deploying HTTPS on the pool's web server, configured to support TLS 1.3 and HSTS? There's currently no way for any visitor to the pool's website to tell (a) that they landed at the true solo.ckpool.org web server, (b) that third parties are not eavesdropping on their communications with the web server, and (c) that their traffic to and from the web server has not been tampered with or injected with malicious code by third parties.

The performance overhead associated with HTTPS and TLS is less than negligible, especially with TLS 1.3. And since the pool's new dedicated server has at least a hundred times the computing and networking resources needed to run the pool efficiently, I see no plausible reason for leaving out a foundational element of modern web security in the current rebuild of the pool's infrastructure.

Mozilla has a very handy TLS configuration generator that does most of the heavy lifting for you when configuring TLS parameters. I highly recommend selecting Mozilla's Modern configuration instead of their Intermediate configuration. I see no reason to support legacy versions of web browsers; users of such browsers have far bigger problems than merely being unable to visit a website. Dropping support for TLS 1.2 also reduces the performance baggage that comes with it.

EFF's Certbot automatically obtains and renews TLS certificates from Let's Encrypt for you. Let's Encrypt's certificates are free, and they also offer wildcard certificates.
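
An added example, not part of the post above and not ckpool's code: a small Python audit that checks an observed response against the two settings the post recommends, TLS 1.3 and HSTS. The function names, the one-year `MIN_MAX_AGE` floor and the sample observations are assumptions made for illustration.

```python
import http.client
MIN_MAX_AGE = 31536000  # assumed policy floor for HSTS max-age: one year, in seconds

def parse_hsts(value):
    """max-age (int) of a Strict-Transport-Security value; None if invalid (RFC 6797)."""
    seen = {}
    for part in value.split(";"):
        name, _, arg = (s.strip() for s in part.partition("="))
        if not name:
            continue
        if name.lower() in seen:  # a repeated directive invalidates the header
            return None
        seen[name.lower()] = arg.strip('"')
    age = seen.get("max-age", "")  # max-age is the one required directive
    return int(age) if age.isascii() and age.isdigit() else None

def audit(scheme, tls_version, headers):
    """List of findings for one observed response; empty means every check passed."""
    if scheme != "https":  # browsers ignore HSTS received over plain HTTP
        return ["plain HTTP: no server authentication, confidentiality or integrity"]
    findings = []
    if tls_version != "TLSv1.3":
        findings.append(f"negotiated {tls_version}, not TLSv1.3")
    hsts = {k.lower(): v for k, v in headers.items()}.get("strict-transport-security")
    age = parse_hsts(hsts) if hsts else None
    if hsts is None:
        findings.append("no Strict-Transport-Security header")
    elif age is None:
        findings.append("malformed Strict-Transport-Security header")
    elif age < MIN_MAX_AGE:
        findings.append(f"HSTS max-age {age}s is below {MIN_MAX_AGE}s")
    return findings

def probe(host, port=443):
    """Live check of a host you operate; needs network and is never run on import."""
    conn = http.client.HTTPSConnection(host, port, timeout=10)
    conn.connect()
    version = conn.sock.version()  # negotiated protocol, e.g. "TLSv1.3"
    conn.request("HEAD", "/")
    headers = dict(conn.getresponse().getheaders())
    conn.close()
    return audit("https", version, headers)

# Constructed observations, not measurements of any real server.
SAMPLES = [("http", None, {}),
           ("https", "TLSv1.2", {"Strict-Transport-Security": "max-age=300"}),
           ("https", "TLSv1.3", {"strict-transport-security": "max-age=63072000"})]
if __name__ == "__main__":
    print(*(audit(*s) or "ok" for s in SAMPLES), sep="\n")
```
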