Hetzner DNS Console plugin for Certbot
To start using DNS authentication for the Hetzner DNS API, pass the following arguments on certbot's command line:
| Option | Description |
|---|---|
| `--authenticator dns-hetzner` | Select the authenticator plugin (Required) |
| `--dns-hetzner-credentials` | Hetzner DNS API credentials INI file. (Required) |
| `--dns-hetzner-propagation-seconds` | Seconds to wait for the TXT record to propagate |

From the Hetzner DNS control panel at https://dns.hetzner.com go to "API Tokens" and add a personal access token.
An example hetzner.ini file:

```ini
dns_hetzner_api_token = 986fg8j98498sdgnfgu4sfdkf
```

Create a .secrets folder under /etc/letsencrypt and secure the folder as follows:

```bash
mkdir /etc/letsencrypt/.secrets
chown root:root /etc/letsencrypt/.secrets
# A directory needs the execute bit to be entered, so use 700 rather than 600
chmod 700 /etc/letsencrypt/.secrets
```

Move the hetzner.ini into the folder:

```bash
mv credentials.ini /etc/letsencrypt/.secrets/hetzner.ini
```

To acquire a certificate for example.com:

```bash
certbot certonly \
  --authenticator dns-hetzner \
  --dns-hetzner-credentials /etc/letsencrypt/.secrets/hetzner.ini \
  -d example.com
```

To acquire a certificate for *.example.com:

```bash
certbot certonly \
  --authenticator dns-hetzner \
  --dns-hetzner-credentials /etc/letsencrypt/.secrets/hetzner.ini \
  -d '*.example.com'
```

In order to create a docker container with a certbot-dns-hetzner installation,
create an empty directory with the following Dockerfile:

```dockerfile
FROM certbot/certbot:latest

# Install git
RUN apk update && apk upgrade && \
    apk add --no-cache bash git openssh

# Get the plugin
RUN git clone https://github.com/MrSpoocy/certbot-dns-hetzner.git certbot/certbot-dns-hetzner/

# Install plugin
RUN pip install -e certbot/certbot-dns-hetzner
```

Proceed to build the image:

```bash
docker build -t certbot/dns-hetzner .
```

Once that's finished, the application can be run as follows:

```bash
docker run -it --rm --name certbot \
  -v /var/lib/letsencrypt:/var/lib/letsencrypt \
  -v /etc/letsencrypt:/etc/letsencrypt \
  certbot/dns-hetzner certonly \
  --authenticator dns-hetzner \
  --dns-hetzner-credentials /etc/letsencrypt/.secrets/hetzner.ini \
  -d example.com -d '*.example.com'
```

Renew the existing certificates:

```bash
docker run -it --rm --name certbot \
  -v /var/lib/letsencrypt:/var/lib/letsencrypt \
  -v /etc/letsencrypt:/etc/letsencrypt \
  certbot/dns-hetzner renew \
  --authenticator dns-hetzner \
  --dns-hetzner-credentials /etc/letsencrypt/.secrets/hetzner.ini
```

Of course certbot, whose examples and documentation I used to implement this plugin. And to https://github.com/m42e/certbot-dns-ispconfig, which served as an excellent example and README template as well.
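
A pre-flight check for the credentials file described in the setup steps above, runnable before `certbot certonly` or `renew`. This is an added example, not part of the plugin: `check_hetzner_credentials` and its return codes are hypothetical, and the optional second argument (expected owner uid) defaults to 0 to match the `chown root:root` step.

```shell
#!/bin/sh
# Added example: verify the file passed to --dns-hetzner-credentials
# before certbot uses it. Helper names and return codes are hypothetical.

# Print "<octal mode> <owner uid>" for a path (GNU stat first, then BSD stat).
_mode_uid() {
    stat -c '%a %u' "$1" 2>/dev/null || stat -f '%Lp %u' "$1"
}

# Usage: check_hetzner_credentials FILE [EXPECTED_UID]
# Returns 0 = ok, 1 = missing, 2 = wrong owner, 3 = mode too open, 4 = no token.
check_hetzner_credentials() {
    cred_file=$1
    cred_want_uid=${2:-0}
    [ -f "$cred_file" ] || { echo "missing: $cred_file" >&2; return 1; }

    # Split the stat output into mode and owner uid.
    set -- $(_mode_uid "$cred_file")
    cred_mode=$1
    cred_uid=$2
    if [ "$cred_uid" != "$cred_want_uid" ]; then
        echo "owner uid is '$cred_uid', expected $cred_want_uid" >&2
        return 2
    fi

    # Any group/other permission bit lets other local users read the token.
    if [ $(( 0$cred_mode & 077 )) -ne 0 ]; then
        echo "mode $cred_mode is too permissive; chmod 600 $cred_file" >&2
        return 3
    fi

    # Require a non-empty dns_hetzner_api_token entry; never print its value.
    if ! grep -Eq '^[[:space:]]*dns_hetzner_api_token[[:space:]]*=[[:space:]]*[^[:space:]]+' "$cred_file"; then
        echo "dns_hetzner_api_token is not set in $cred_file" >&2
        return 4
    fi
    return 0
}

# When run as a script: ./check.sh /etc/letsencrypt/.secrets/hetzner.ini
if [ "$#" -gt 0 ]; then
    check_hetzner_credentials "$@"
fi
```
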