fix letsencrypt validation bug

get-certs.sh

@@ -116,7 +116,7 @@ if [ "$proxychains" = true ] ; then
   fi
 fi
 
-# register zerossl account  ## we're using letsencrypt by the moment
+# register zerossl account  ## disabled, using letsencrypt at the moment
 #$acme_cmd \
 #  --register-account \
 #  -m admin@$domain \
@@ -165,6 +165,7 @@ else
 fi
 
 # launch main dnsmasq process
+letsencrypt_CAA="000569737375656c657473656e63727970742e6f7267"
 touch $tmp_conf_file \
   && dnsmasq \
     --conf-file=$tmp_conf_file \
@@ -172,6 +173,7 @@ touch $tmp_conf_file \
     -p $alternative_dns_port \
     --address="/$domain/$my_ygg_ip" \
     --address="/$domain/$bridge46_ipv4" \
+    --dns-rr=$domain,257,$letsencrypt_CAA \
     --server="/_acme-challenge.$domain/127.0.0.1#$acme_challenge_port" \
     1>&- 2>&- &
 main_dnsmasq_pid=$!