iptablesrules. However, there's been a common theme where a lot of Red Teams use LetsEncrypt - because it's free. Instead, CloudFlare offers free SSL certificates on front of your domains if you use their services. Not only does it provide accelerated content delivery due to their CDN, it can help you automate the SSL deployment process, and also provides a plethora of extended features. These features include Firewall Rules to restrict access to your origin servers.
iptablesrules to allow only CloudFlare IP Address Ranges to TCP port 80 and 443.