i tried to figure out how the fuck do you get a proper ssl certificate on it, fortunately there's a support for dns challenges, however it's very lacking in documentation, the only "officially" supported options are cloudflare, route56 and ovh of all places, which is useless for me given i use hetzner for dns, so there's also a "shell" option which is supposed to be some sort of way to get a shell script to do the challenge. however, it's not like the scripts from the internet are any good, i found some go script with even worse documentation and links to a bunch of forum threads which i have no capacity to read, so i tried to like wing it and of course it did not work so i just didn't do that in the end lmfao