certbot-dns-hetzner

Hetzner DNS Authenticator certbot plugin

This certbot plugin automates the process of completing a dns-01 challenge by creating, and subsequently removing, TXT records using the Hetzner DNS API.

Requirements

For certbot < 2

Notice that this plugin is only supporting certbot>=2.0 from 2.0 onwards. For older certbot versions use 1.x releases.

Install

Install this package via pip in the same python environment where you installed your certbot.

pip install certbot-dns-hetzner

Usage

To start using DNS authentication for the Hetzner DNS API, pass the following arguments on certbot's command line:

Option	Description
--authenticator dns-hetzner	select the authenticator plugin (Required)
--dns-hetzner-credentials	Hetzner DNS API credentials INI file. (Required)
--dns-hetzner-propagation-seconds	Seconds to wait for the TXT record to propagate

Credentials

From the hetzner DNS control panel at https://dns.hetzner.com go to "API Tokens" and add a personal access token.

An example credentials.ini file:

dns_hetzner_api_token = nohnah4zoo9Kiejee9aGh0thoopee2sa

Examples

To acquire a certificate for example.com

certbot certonly \\
 --authenticator dns-hetzner \\
 --dns-hetzner-credentials /path/to/my/hetzner.ini \\
 -d example.com

To acquire a certificate for *.example.com

   certbot certonly \\
     --authenticator dns-hetzner \\
     --dns-hetzner-credentials /path/to/my/hetzner.ini \\
     -d '*.example.com'

Troubleshooting

If certbot plugins does not show the installed plugin, you might need to set CERTBOT_PLUGIN_PATH.

CERTBOT_PLUGIN_PATH=/usr/local/lib/python3.9/site-packages/ certbot renew

See letsencrypt community thread

Thanks to

Of course certbot, which examples and documentation I used to implement this plugin. And to https://github.com/m42e/certbot-dns-ispconfig which served as an excellent example and README template as well.