From c7a6a69b5bc00d574ac90bc77bdf013d68fdc971 Mon Sep 17 00:00:00 2001
From: cynic <cynic@mesh.kyun.li>
Date: Sun, 18 Aug 2024 22:46:07 +0000
Subject: [PATCH] fix letsencrypt validation bug

---
 get-certs.sh | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/get-certs.sh b/get-certs.sh
index 5191d91..77b4ccf 100755
--- a/get-certs.sh
+++ b/get-certs.sh
@@ -116,7 +116,7 @@ if [ "$proxychains" = true ] ; then
   fi
 fi
 
-# register zerossl account  ## we're using letsencrypt by the moment
+# register zerossl account  ## disabled, using letsencrypt at the moment
 #$acme_cmd \
 #  --register-account \
 #  -m admin@$domain \
@@ -165,6 +165,7 @@ else
 fi
 
 # launch main dnsmasq process
+letsencrypt_CAA="000569737375656c657473656e63727970742e6f7267"
 touch $tmp_conf_file \
   && dnsmasq \
     --conf-file=$tmp_conf_file \
@@ -172,6 +173,7 @@ touch $tmp_conf_file \
     -p $alternative_dns_port \
     --address="/$domain/$my_ygg_ip" \
     --address="/$domain/$bridge46_ipv4" \
+    --dns-rr=$domain,257,$letsencrypt_CAA \
     --server="/_acme-challenge.$domain/127.0.0.1#$acme_challenge_port" \
     1>&- 2>&- &
 main_dnsmasq_pid=$!