diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..fbff06a
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,11 @@
+version: 2
+updates:
+- package-ecosystem: pip
+  directory: "/"
+  schedule:
+    interval: daily
+  open-pull-requests-limit: 10
+  ignore:
+  - dependency-name: cement
+    versions:
+    - ">= 3.a, < 4"
diff --git a/README.md b/README.md
index 77d3d5e..8a19e20 100644
--- a/README.md
+++ b/README.md
@@ -177,7 +177,6 @@ Apps & Tools shipped with WordOps :
 - [phpRedisAdmin](https://github.com/erikdubbelboer/phpRedisAdmin)
 - [opcacheGUI](https://github.com/amnuts/opcache-gui)
 - [eXtplorer](https://github.com/soerennb/extplorer)
-- [MySQLTuner](https://github.com/major/MySQLTuner-perl/)
 - [Webgrind](https://github.com/jokkedk/webgrind)
 - [MySQLTuner](https://github.com/major/MySQLTuner-perl)
 - [Fail2Ban](https://github.com/fail2ban/fail2ban)
diff --git a/install b/install
index d1f4fb5..594d5be 100755
--- a/install
+++ b/install
@@ -421,6 +421,7 @@ wo_install_acme_sh() {
         /etc/letsencrypt/acme.sh --config-home '/etc/letsencrypt/config' --upgrade --auto-upgrade
         /etc/letsencrypt/acme.sh --config-home '/etc/letsencrypt/config' --uninstall-cronjob
         /etc/letsencrypt/acme.sh --config-home '/etc/letsencrypt/config' --install-cronjob
+        /etc/letsencrypt/acme.sh --set-default-ca --server letsencrypt
     fi
 
 }
diff --git a/requirements.txt b/requirements.txt
index 7373c0b..6717c83 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,5 +1,4 @@
 cement==2.10.12
-pystache>=0.5.4
 pynginxconfig>=0.3.4
 PyMySQL>=0.10.1
 psutil>=5.7.3
diff --git a/wo/cli/plugins/secure.py b/wo/cli/plugins/secure.py
index 619e907..3b3079c 100644
--- a/wo/cli/plugins/secure.py
+++ b/wo/cli/plugins/secure.py
@@ -23,7 +23,7 @@ class WOSecureController(CementBaseController):
         stacked_on = 'base'
         stacked_type = 'nested'
         description = (
-            'Secure command provide the ability to'
+            'Secure command provide the ability to '
             'adjust settings for backend and to harden server security.')
         arguments = [
             (['--auth'],
diff --git a/wo/cli/templates/brotli.mustache b/wo/cli/templates/brotli.mustache
index 6a8ae82..7bbea31 100644
--- a/wo/cli/templates/brotli.mustache
+++ b/wo/cli/templates/brotli.mustache
@@ -4,8 +4,7 @@
 
 	brotli on;
 	brotli_static on;
-	brotli_buffers 16 8k;
-	brotli_comp_level 4;
+	brotli_comp_level 6;
 	brotli_types
 	application/atom+xml
 	application/geo+json
@@ -44,4 +43,4 @@
 	text/vtt
 	text/x-component
 	text/x-cross-domain-policy
-	text/xml;
\ No newline at end of file
+	text/xml;
diff --git a/wo/cli/templates/cloudflare.mustache b/wo/cli/templates/cloudflare.mustache
index 38355fe..d18f33e 100644
--- a/wo/cli/templates/cloudflare.mustache
+++ b/wo/cli/templates/cloudflare.mustache
@@ -10,9 +10,10 @@ set_real_ip_from 188.114.96.0/20;
 set_real_ip_from 197.234.240.0/22;
 set_real_ip_from 198.41.128.0/17;
 set_real_ip_from 162.158.0.0/15;
-set_real_ip_from 104.16.0.0/12;
 set_real_ip_from 172.64.0.0/13;
 set_real_ip_from 131.0.72.0/22;
+set_real_ip_from 104.16.0.0/13;
+set_real_ip_from 104.24.0.0/14;
 set_real_ip_from 2400:cb00::/32;
 set_real_ip_from 2606:4700::/32;
 set_real_ip_from 2803:f800::/32;
diff --git a/wo/cli/templates/map-wp.mustache b/wo/cli/templates/map-wp.mustache
index 63b45fa..31c1b1d 100644
--- a/wo/cli/templates/map-wp.mustache
+++ b/wo/cli/templates/map-wp.mustache
@@ -28,22 +28,22 @@ map $http_cookie $cookie_no_cache {
 map $request_uri $uri_no_cache {
     default 0;
     "~*/wp-admin/" 1;
-    "~*/wp-[a-zA-Z0-9-]+.php" 1;
+    "~*/wp-[a-zA-Z0-9-]+\.php" 1;
     "~*/feed/" 1;
-    "~*/index.php" 1;
-    "~*/[a-z0-9_-]+-sitemap([0-9]+)?.xml" 1;
-    "~*/sitemap(_index)?.xml" 1;
-    "~*/wp-comments-popup.php" 1;
-    "~*/wp-links-opml.php" 1;
-    "~*/xmlrpc.php" 1;
-    "~*/edd-sl/*" 1;
+    "~*/index\.php" 1;
+    "~*/[a-z0-9_-]+-sitemap([0-9]+)?\.xml" 1;
+    "~*/sitemap(_index)?\.xml" 1;
+    "~*/wp-comments-popup\.php" 1;
+    "~*/wp-links-opml\.php" 1;
+    "~*/xmlrpc\.php" 1;
+    "~*/edd-sl/.*" 1;
     "~*/add_to_cart/" 1;
     "~*/cart/" 1;
     "~*/account/" 1;
     "~*/my-account/" 1;
     "~*/checkout/" 1;
     "~*/addons/" 1;
-    "~*/wc-api/*" 1;
+    "~*/wc-api/.*" 1;
     "~*/logout/" 1;
     "~*/lost-password/" 1;
     "~*/panier/" 1;
@@ -51,6 +51,7 @@ map $request_uri $uri_no_cache {
     "~*/embed" 1;
     "~*/commande/" 1;
     "~*/resetpass/" 1;
+    "~*/wp.serviceworker" 1;
 }
 # mobile_prefix needed for WP-Rocket
 map $http_user_agent $mobile_prefix {
diff --git a/wo/core/variables.py b/wo/core/variables.py
index 502fc5e..209b2e2 100644
--- a/wo/core/variables.py
+++ b/wo/core/variables.py
@@ -177,14 +177,14 @@ class WOVar():
     wo_ubuntu_backports = 'ppa:jonathonf/backports'
 
     # APT repositories
-    wo_mysql_repo = ("deb [arch=amd64,ppc64el] "
+    wo_mysql_repo = ("deb [arch=amd64,arm64,ppc64el] "
                      "http://mariadb.mirrors.ovh.net/MariaDB/repo/"
                      "10.5/{distro} {codename} main"
                      .format(distro=wo_distro,
                              codename=wo_platform_codename))
     if wo_distro == 'ubuntu':
         wo_php_repo = "ppa:ondrej/php"
-        wo_redis_repo = ("ppa:chris-lea/redis-server")
+        wo_redis_repo = ("ppa:redislabs/redis")
         wo_goaccess_repo = ("ppa:alex-p/goaccess")
 
     else: