While doing our work as software developers and sometimes DevOps engineers, we all too often stumble across a piece of open source software
that we desperately need for our current task but that is dysfunctional or missing a feature. Being busy people, we then tend to move on to the next
alternative or build hasty workarounds for the problem. But not always! This time we spent some effort and are sharing our solution for a recent problem.
For some of our internal services we need wildcard certificates from Let's Encrypt. Those are only available via the DNS-01 challenge.
Our DNS provider is Hetzner, and their DNS configuration did not have API access, only a web form that actually had a cool but pretty flaky and hacky solution for automated DNS challenging.
They recently introduced a new configuration interface for DNS alongside a new API. While this made the old approach unusable, it enabled us to write an actual DNS provider plugin for certbot, the official CLI tool for Let's Encrypt.
In the process we had some opportunity to fiddle with some fancy new tech like GitHub Actions.
We hope some other Hetzner customers will find our little plugin helpful. It is available on GitHub and pypi.org.