diff --git a/packaging/systemd/miniflux.service b/packaging/systemd/miniflux.service
index a32075a4..d160b5e4 100644
--- a/packaging/systemd/miniflux.service
+++ b/packaging/systemd/miniflux.service
@@ -43,5 +43,13 @@ RestrictRealtime=true
 # https://www.freedesktop.org/software/systemd/man/systemd.exec.html#ReadWritePaths=
 ReadWritePaths=/run
 
+# Allow miniflux to bind to <1024 ports
+# https://www.freedesktop.org/software/systemd/man/systemd.exec.html#AmbientCapabilities=
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+
+# Provide a private /tmp for CERT_CACHE (required when using Let's Encrypt)
+# https://www.freedesktop.org/software/systemd/man/systemd.exec.html#PrivateTmp=
+PrivateTmp=true
+
 [Install]
 WantedBy=multi-user.target