This certbot plugin automates the process of completing a dns-01 challenge by creating, and subsequently removing, TXT records using the Hetzner DNS API.
Notice that this plugin is only supporting certbot>=2.0 from 2.0 onwards. For older certbot versions use 1.x releases.
Install this package via pip in the same python environment where you installed your certbot.
pip install certbot-dns-hetzner
To start using DNS authentication for the Hetzner DNS API, pass the following arguments on certbot's command line:
| Option | Description |
|---|---|
--authenticator dns-hetzner |
select the authenticator plugin (Required) |
--dns-hetzner-credentials |
Hetzner DNS API credentials INI file. (Required) |
--dns-hetzner-propagation-seconds |
Seconds to wait for the TXT record to propagate |
From the hetzner DNS control panel at https://dns.hetzner.com go to "API Tokens" and add a personal access token.
Please make sure to use the absolute path - some users experienced problems with relative paths.
An example credentials.ini file:
dns_hetzner_api_token = nohnah4zoo9Kiejee9aGh0thoopee2saTo acquire a certificate for example.com
certbot certonly \\
--authenticator dns-hetzner \\
--dns-hetzner-credentials /path/to/my/hetzner.ini \\
-d example.comTo acquire a certificate for *.example.com
certbot certonly \\
--authenticator dns-hetzner \\
--dns-hetzner-credentials /path/to/my/hetzner.ini \\
-d '*.example.com'If certbot plugins does not show the installed plugin, you might need to set CERTBOT_PLUGIN_PATH.
CERTBOT_PLUGIN_PATH=/usr/local/lib/python3.9/site-packages/ certbot renew
See letsencrypt community thread
Please ensure to use an absolute path for the credentials file - some users experienced problems with relative paths.
Of course certbot, which examples and documentation I used to implement this plugin. And to https://github.com/m42e/certbot-dns-ispconfig which served as an excellent example and README template as well.