This is a Certbot DNS plugin for the new Hetzner Cloud DNS, which allows you to automate the process of obtaining and renewing SSL/TLS certificates using the DNS-01 challenge method. This Plugin is not compatible with the old Hetzner DNS Console and you might want to take a look at the certbot-dns-hetzner plugin instead.
To install the Certbot DNS plugin for Hetzner Cloud DNS, you can either use pip or snap.
If you installed Certbot within a virtual environment (e.g., /opt/certbot) as per official Certbot instructions
you can install the plugin using the following command:
/opt/certbot/bin/pip install certbot-dns-hetzner-cloudIf you installed Certbot using snap, you can install the plugin with the following commands:
sudo snap install certbot-dns-hetzner-cloud
sudo snap set certbot trust-plugin-with-root=ok
sudo snap connect certbot:plugin certbot-dns-hetzner-cloudAfter installation, you can verify that the plugin is available by running:
certbot pluginsyou should see dns-hetzner-cloud listed among the available plugins.
Create a configuration file under /etc/letsencrypt/hetzner-cloud.ini with the following content:
# Hetzner Cloud API Token
dns_hetzner_cloud_api_token = your_api_token_hereMake sure to set the correct permissions for the configuration file to protect your API token:
sudo chmod 600 /etc/letsencrypt/hetzner_cloud.iniIf you want to use a different path for the configuration file, you can specify it using the --dns-hetzner-cloud-credentials option when running Certbot.
You can use the plugin with Certbot by specifying the dns-hetzner-cloud authenticator.
Here is an example command to obtain a certificate for a wildcard subdomain:
certbot certonly --agree-tos \
--authenticator dns-hetzner-cloud \
-d '*.example.eu'If you want to use a different path for the configuration file, you can specify it using the
--dns-hetzner-cloud-credentials option.
certbot certonly --agree-tos \
--authenticator dns-hetzner-cloud \
--dns-hetzner-cloud-credentials /path/to/your/hetzner_cloud.ini \
-d '*.example.eu'