Instead of adding content to the site (like the about me page...) i've been configuring the server some more.
as of today i'm using DNSSEC and DANE for both web and mail.
Though it's fairly decent to set up using the right tools, i wonder how to best automate renewals, as it's tied into the certificate from letsencrypt which i renew each month (automatically).

i'm starting to think going with plesk instead of not using a control panel was a mistake, because let's face it... plesk doesn't make manual stuff easy.

to those who are interested, helpfull links for DNSSEC:

mailserver testing: ssl-tools.net and sys4.de

dnssec testing: dnsviz.net and verisignlabs.com

dane testing: sidnlabs.nl

generating tlsa records: huque.com

because i'm using plesk on this server, i've used autodnssec with some small modifications to sign the zones.